LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 09-02-2004, 10:18 PM   #1
sdouble
LQ Newbie
 
Registered: Sep 2003
Distribution: Fedora Core 3
Posts: 23

Rep: Reputation: 15
Question Restricting users?


I'd like to restrict added users entirely to their own directory and any subdirectories inside. Is there a way to do that when setting up the user? I know you can set a home directory but cd .. will just take them out. I want them to go no deeper than their own directory. This includes FTP as well. Is this possible or do I have to configure them both individually? Thanks a bunch.
 
Old 09-02-2004, 10:29 PM   #2
bobwall
Member
 
Registered: Jul 2004
Location: Milpitas, California
Distribution: 1/2 Debian 1/2 my own
Posts: 189

Rep: Reputation: 30
To cd into a directory, the directory has to have the execute permission unless you're root. To do this,
execute this as root: chmod o-x which just removes the permission for users other than the owner or group to cd into it.

Allowing users to not cd into any other directory except there own is retarded. You won't be able to run any commands in /usr/bin unless they are in your home folder.
 
Old 09-03-2004, 01:11 AM   #3
linux_terror
Member
 
Registered: Aug 2004
Location: Northbrook, Illinois
Distribution: CentOS-5
Posts: 311

Rep: Reputation: 30
Umm not retarded bobwall, I just got finished building a chrooted jail for all of my users, I run a virtual hosting environment. Would you really want a bunch of people you don't know marauding aroung in your computer with access to a C compiler...ummmmm.....NO! And no they don't have access to other programs but in under 2 megs I give them a nice robust package of file utilities to use to their hearts content. I have achieved jailed ssh/sftp/ftp/and telnet services for them as well. If you'd like to learn how to set this up there is a wonderful tutorial on it here ---> http://www.tjw.org/chroot-login-HOWTO/ I would suggest chrooting ANY user you dont trust AND hardening your system with bastille, which is available here ----> http://www.bastille-linux.org/
I also wrote a full script for building a chroot, if u want it sdouble, just post, I'd be happy to pass it on.

linux_terror
 
Old 09-03-2004, 03:05 AM   #4
realjustin
Member
 
Registered: Aug 2004
Location: /dev/null
Distribution: Slack 10, Debian
Posts: 99

Rep: Reputation: 15
As stated just above, look into chroot. It is a great tool. However, there are some simple ways to get out of certain ones if you have programs running setuid root. So beware. And also know they are slightly difficult to set up if users can run programs. But if it's just for FTP purposes then it's not an issue if they can't see binaries on the system.
 
Old 09-03-2004, 03:58 AM   #5
linux_terror
Member
 
Registered: Aug 2004
Location: Northbrook, Illinois
Distribution: CentOS-5
Posts: 311

Rep: Reputation: 30
Thanks realjustin

As far as the setuid, bastille takes care of all of that for you in the hardening process, I believe it takes all the "sticky bits," setuid bits off by default so only root can run "potentially dangerous" programs. Of course you can say no to this option and just take the setuid privileges off manually too if you want to customize it so that users can run some of them. The chroot tutorial that i stated above is a pretty secure jail. Don't think anyone could really get out w/out access to a C-compiler.
At least no one has yet.. lol

Have fun.

linux_terror
 
Old 07-05-2006, 07:48 PM   #6
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Rep: Reputation: 31
Hi,

I was wondering if I could get on that script too?

Thanks,
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restricting users to their home folder supervillan Linux - Newbie 2 04-08-2009 12:47 PM
Restricting su to certain users roadin Suse/Novell 4 03-15-2005 01:17 PM
Restricting FTP Users mtellin Linux - Networking 1 02-28-2002 09:54 PM
Wu-FTP / Restricting users to one directory DJFauß Linux - Networking 0 12-22-2001 12:42 PM
restricting users to one folder flip-x Linux - Security 0 02-18-2001 06:37 PM


All times are GMT -5. The time now is 10:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration