LinuxQuestions.org
Old 10-24-2012, 08:57 AM   #1
badger_fruit
Member
 
Registered: Dec 2008
Posts: 43

Rep: Reputation: 1
"Locking" a user into a specific directory


Hi all
I've been asked to secure our OpenSuse server but I have no idea where to start and hope that someone can point me in the right direction (tutorials or examples would be greatly appreciated!).

The current situation is we have three local users: root, user1 and user2

Root and user1 are to be allowed "full access" to the file-system, but user2 can not be allowed outside of their home directory.

I *think* this is called jailing or something but as it's not something I've any experience with I was hoping for some pointers please


Many thanks for reading, I hope that someone can help!!
 
Old 10-24-2012, 09:04 AM   #2
epislav
LQ Newbie
 
Registered: Jun 2012
Posts: 20

Rep: Reputation: Disabled
Look at this article: http://www.techrepublic.com/blog/ope...irectories/229
 
Old 10-24-2012, 09:10 AM   #3
badger_fruit
Member
 
Registered: Dec 2008
Posts: 43

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by epislav View Post
Wow, thank you for the prompt reply!
It does sound like the thing although typically, it's their shell access we need to restrict as they'll SSH in ... I will give it a whirl and, well, post back my results!
 
Old 10-24-2012, 09:33 AM   #4
badger_fruit
Member
 
Registered: Dec 2008
Posts: 43

Original Poster
Rep: Reputation: 1
Hmm, unfortunately, following these instructions didn't work; user2 was able to move outside of /chroot/user2 ...
For reference, I have configured the user (via Yast) to have their home directory set to /chroot/user2 and then followed the guide (although I did get one error/warning):

$PROMPT # cp -p /lib/{ld-linux.so.2,libc.so.6,libdl.so.2,libtermcap.so.2} lib/
cp: cannot stat `/lib/libtermcap.so.2': No such file or directory

Am I missing something or is there a different process for OpenSuse 12.1 (as I notice this was a Mandriva-specific guide)?
Thanks again!
 
Old 10-24-2012, 10:02 AM   #5
epislav
LQ Newbie
 
Registered: Jun 2012
Posts: 20

Rep: Reputation: Disabled
Well, the main part is "chroot directory /bin/bash", which will change root to <directory> and run /bin/bash in a jailed environment.
The cp stuff is to get bash and its libraries into the chrooted directory.
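
The cp error in post #4 comes from a fixed library list in a guide the poster notes was written for Mandriva. As an added example (not part of the thread or of the linked guide), this shell sketch asks ldd which libraries a binary needs and copies them into the jail; the function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: fill a chroot jail with a binary plus the libraries ldd
# reports for it, instead of a hard-coded list. Names are hypothetical.
# Run ldd only on trusted system binaries: it can execute the file's loader.

# Constructed sample of ldd output (not captured from the poster's server).
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd2a5f0000)
	libreadline.so.6 => /lib64/libreadline.so.6 (0x00007f1c2e3d0000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f1c2dc00000)
	libmissing.so.1 => not found
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c2e800000)'

# Read ldd output on stdin, print one absolute library path per line.
# Lines without an absolute path (vdso, "not found") are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Print libraries ldd could not resolve; these would break the jailed binary.
ldd_missing() {
    awk '/=> not found/ { print $1 }'
}

# jail_install JAIL BINARY: copy BINARY and its libraries into JAIL under
# the same absolute paths, so the dynamic loader finds them after chroot.
jail_install() {
    jail=$1 bin=$2
    case $bin in /*) ;; *) echo "need an absolute path: $bin" >&2; return 1 ;; esac
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    deps=$(ldd "$bin" 2>/dev/null) || deps=""   # static binaries have no deps
    missing=$(printf '%s\n' "$deps" | ldd_missing)
    [ -z "$missing" ] || { echo "unresolved: $missing" >&2; return 1; }
    for f in "$bin" $(printf '%s\n' "$deps" | ldd_paths); do
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -pL "$f" "$jail$f" || return 1       # -L: copy the file, not a symlink
    done
}
```

Called as `jail_install /chroot/user2 /bin/bash`, it reproduces the guide's cp step without depending on which libraries a given distribution ships.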
 
Old 10-24-2012, 10:19 AM   #6
badger_fruit
Member
 
Registered: Dec 2008
Posts: 43

Original Poster
Rep: Reputation: 1
Well, after a bit more googling, I found this thread --> http://forums.opensuse.org/archives/...root-suse.html
Which led to this website --> http://www.fuschlberger.net/programs...p-chroot-jail/
Which led to this shell-script --> http://www.fuschlberger.net/programs...chroot_jail.sh
Which, after some modification, led to being able to chroot or jail users successfully
 
Old 10-25-2012, 02:29 AM   #7
jsaravana87
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Debian
Posts: 558
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
but user2 can not be allowed outside of their home directory
You can lock (jail) the user to the home directory using the /bin/rbash shell.


http://www.cyberciti.biz/faq/restric...ectories-only/
 
Old 10-25-2012, 04:34 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529
Quote:
Originally Posted by arun5002 View Post
You can lock (jail) the user to the home directory using the /bin/rbash shell.
Note 'rbash' drastically reduces functionality and does not stack up to the earlier mentioned chroot jail.


Quote:
Originally Posted by badger_fruit View Post
I've been asked to secure our OpenSuse server but I have no idea where to start
Just asking since jail is all that has been addressed here: is that really all you needed to accomplish? I mean there's more to securing a server than confining user accounts.
 
Old 10-25-2012, 04:46 AM   #9
jsaravana87
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Debian
Posts: 558
Blog Entries: 5

Rep: Reputation: Disabled
@unspawn. Currently I'm using the /bin/rbash shell to lock (or) jail the user to the home directory. Is there any other method available to lock the user to their home directory via ssh?
 
Old 10-25-2012, 05:03 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529
Quote:
Originally Posted by arun5002 View Post
@unspawn (..) any other method available to lock the user to their home directory via ssh.
For questions that do not help solve or address the OP's questions please create your own thread next time, OK? For modern OpenSSH versions see the "ChrootDirectory" directive.
 
1 members found this post helpful.
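
For the "ChrootDirectory" directive mentioned in post #10, an added example that is not part of the thread: sshd rejects a chroot path unless every component is root-owned and not writable by group or others, so this check walks the path before sshd is reloaded. The Match block in the comments and the function names are assumptions; it uses GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# Assumed sshd_config fragment (user and path taken from this thread):
#   Match User user2
#       ChrootDirectory /chroot/user2
# sshd_config(5): all components of the pathname must be root-owned
# directories which are not writable by any other user or group.

# component_ok UID MODE: succeed if the owner is root and the octal MODE
# has neither the group-write (020) nor the other-write (002) bit set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path PATH: test PATH and every parent up to /, print each
# failing component, return 1 if any fails (2 if PATH is not absolute).
check_chroot_path() {
    p=$1 rc=0
    case $p in /*) ;; *) echo "not absolute: $p" >&2; return 2 ;; esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "not a directory: $p"; rc=1
        else
            set -- $(stat -L -c '%u %a' "$p")   # owner uid, octal mode
            component_ok "$1" "$2" || { echo "bad owner/mode ($1 $2): $p"; rc=1; }
        fi
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}
```

A home directory owned by user2 fails this check, so the chroot is normally a root-owned parent directory with the user's writable directory inside it.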
Old 10-25-2012, 11:35 AM   #11
badger_fruit
Member
 
Registered: Dec 2008
Posts: 43

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by unSpawn View Post
Just asking since jail is all that has been addressed here: is that really all you needed to accomplish? I mean there's more to securing a server than confining user accounts.
Hi
Sorry for the delay in replying; locking users into specific directories is only a part of the whole "secure the server" plan we have.
 
  


All times are GMT -5.