LinuxQuestions.org
Old 02-18-2003, 06:13 PM   #1
hydro
Member
 
Registered: Feb 2003
Distribution: Slackware 9.0
Posts: 82

Rep: Reputation: 15
new user has access to whole system


Hey guys, I installed proftpd so my comrades could upload their files

adduser bob

passwd bob
- bobo
- bobo

now I ftp in, works, but if I click ".." up one root, I can access it, and access /bin, /dev, etc.

so I also tried to log in to shell

it went! and I could hop into /bin, /home/otherusernames


but I decided to turn off shell access for that dude by adding "/sbin/nologin" in /etc/passwd... but if he uses ftp, he can still access the whole system

how can I lock the user to /home/bob for the whole system (when I decide to give him shell access)?

I don't want him snooping in other users' files along with /etc/passwd
 
Old 02-18-2003, 06:30 PM   #2
MasterC
Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
With a DefaultRoot entry, see my proftpd.conf file at:
www.masterc.no-ip.org/share

Look near the top, it's the DefaultRoot ~

Cool
 
Old 02-18-2003, 06:42 PM   #3
hydro
Member
 
Registered: Feb 2003
Distribution: Slackware 9.0
Posts: 82

Original Poster
Rep: Reputation: 15
OK, but how about if he telnets/SSHs into a shell...
 
Old 02-18-2003, 06:45 PM   #4
MasterC
Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
Use rbash. Here's a clip of my /etc/passwd file:
swerv154:x:1001:100:Kelly:/home/swerv154:/bin/rbash

(That's my brother's account)

Cool
 
Old 02-18-2003, 06:47 PM   #5
MasterC
Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
http://www.linuxquestions.org/questi...ighlight=rbash

That's a thread further explaining rbash

Cool
 
Old 02-18-2003, 06:49 PM   #6
hydro
Member
 
Registered: Feb 2003
Distribution: Slackware 9.0
Posts: 82

Original Poster
Rep: Reputation: 15
I can't catch the error... but when I log in under /bin/rbash I get some error, "no shell" or something

does this mean I don't have rbash?
 
Old 02-18-2003, 06:57 PM   #7
MasterC
Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
You may have to add /bin/rbash (after you do the symlink) to /etc/shells if it exists. However, if you read the thread above, I think you'll see why you are getting that (you haven't yet done the symlink /bin/bash /bin/rbash; or you have improperly done it, or symlinked something improperly).

Cool
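The checks the reply above points at (the rbash symlink exists and resolves, it is executable, and it is listed in /etc/shells) can be run in one pass. This is an added example, not code from the thread; the function names, the optional ROOT prefix and the sample tree are assumptions made so it runs offline.

```shell
#!/bin/sh
# check_login_shell PASSWD SHELLS USER [ROOT]
#   Reports why a login shell such as /bin/rbash may be refused.
#   ROOT is an optional prefix for a staged tree (hypothetical parameter, for offline testing).
#   Prints: ok | no-such-user | shell-missing | shell-not-executable | not-in-shells
check_login_shell() {
    passwd_file=$1 shells_file=$2 user=$3 root=${4:-}
    # Field 7 of a passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" \
        '$1 == u { print $7; found = 1; exit } END { if (!found) exit 1 }' \
        "$passwd_file") || { echo no-such-user; return 1; }
    [ -n "$shell" ] || shell=/bin/sh          # empty field means /bin/sh
    # -e follows symlinks, so a dangling rbash symlink counts as missing.
    if [ ! -e "$root$shell" ]; then echo shell-missing; return 1; fi
    if [ ! -x "$root$shell" ]; then echo shell-not-executable; return 1; fi
    # Whole-line, fixed-string match against the list of valid shells.
    if ! grep -qxF -- "$shell" "$shells_file"; then echo not-in-shells; return 1; fi
    echo ok
}

# Constructed sample tree (not from the thread, apart from the swerv154 entry).
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/bin" "$r/etc"
    printf '#!/bin/sh\n' > "$r/bin/bash"; chmod 755 "$r/bin/bash"
    ln -s bash "$r/bin/rbash"             # correct: rbash -> bash
    ln -s nosuchfile "$r/bin/rbash2"      # improperly made symlink
    printf '%s\n' 'swerv154:x:1001:100:Kelly:/home/swerv154:/bin/rbash' \
                  'bob:x:1002:100::/home/bob:/bin/rbash2' > "$r/etc/passwd"
    printf '/bin/bash\n' > "$r/etc/shells"  # /bin/rbash not listed yet
    echo "$r"
}

sample=$(make_sample_root)
for u in swerv154 bob nobody; do
    result=$(check_login_shell "$sample/etc/passwd" "$sample/etc/shells" "$u" "$sample" || true)
    printf '%s: %s\n' "$u" "$result"
done
rm -rf "$sample"
```

On a live system, call it as `check_login_shell /etc/passwd /etc/shells bob` with no ROOT argument.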
 
Old 02-18-2003, 07:16 PM   #8
Texicle
Member
 
Registered: Oct 2002
Location: Northern Ontario, Canada
Distribution: Slackware 10.0
Posts: 789

Rep: Reputation: 30
You could add all your ftp user accounts to a specific group, then make the permissions for that group a little more restricted. Your main user account can have more permissions locally if you want, just add that account to another group with a little more permissions. You can also specify which users have permission to "su" as well. If that user can only read from stuff other than his /home/user directory, he can't do any harm--however, if you deny him (and all others in that group) permission to read, write, or execute anything but what's in their respective /home/user directory, then you're even safer. I would also deny everyone the ability to execute anything under /home/user as well just in case you get a malicious person on your system who uploads something to you, then runs it. Next thing you know you've got a rootkit on your box and someone's got a back door. Just a thought.
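An audit for the two permission points in the post above, home directories that other users can get into and uploaded files that carry an execute bit, as an added example that is not from the thread. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# audit_homes BASE: list directories directly under BASE that users outside
# the owner and group ("other") can read, write or enter.
audit_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# list_executables BASE: list regular files under BASE with any execute bit set.
list_executables() {
    find "$1" -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print | sort
}

# Constructed sample: three home directories with different modes.
make_sample_homes() {
    h=$(mktemp -d)
    mkdir "$h/bob" "$h/alice" "$h/carol"
    chmod 700 "$h/bob"      # owner only
    chmod 755 "$h/alice"    # world-readable and enterable
    chmod 750 "$h/carol"    # owner and group only
    printf 'notes\n' > "$h/bob/notes.txt";  chmod 644 "$h/bob/notes.txt"
    printf 'data\n'  > "$h/bob/upload.bin"; chmod 755 "$h/bob/upload.bin"
    echo "$h"
}

homes=$(make_sample_homes)
echo "Home directories open to other users:"; audit_homes "$homes"
echo "Uploaded files with an execute bit:";   list_executables "$homes"
rm -rf "$homes"
```

Mode bits only report the current state: the owner of an uploaded file can set the execute bit again, so mounting the filesystem that holds /home with the `noexec` option is the usual way to enforce it.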
 
  


All times are GMT -5.