I'd like to restrict added users entirely to their own directory and any subdirectories inside. Is there a way to do that when setting up the user? I know you can set a home directory but cd .. will just take them out. I want them to go no deeper than their own directory. This includes FTP as well. Is this possible or do I have to configure them both individually? Thanks a bunch.
To cd into a directory, the directory has to have the execute permission unless you're root. To do this, execute this as root: chmod o-x which just removes the permission for users other than the owner or group to cd into it.
Allowing users to not cd into any other directory except their own is retarded. You won't be able to run any commands in /usr/bin unless they are in your home folder.
Umm not retarded bobwall, I just got finished building a chrooted jail for all of my users, I run a virtual hosting environment. Would you really want a bunch of people you don't know marauding around in your computer with access to a C compiler...ummmmm.....NO! And no they don't have access to other programs but in under 2 megs I give them a nice robust package of file utilities to use to their hearts' content. I have achieved jailed ssh/sftp/ftp/and telnet services for them as well. If you'd like to learn how to set this up there is a wonderful tutorial on it here ---> http://www.tjw.org/chroot-login-HOWTO/ I would suggest chrooting ANY user you don't trust AND hardening your system with Bastille, which is available here ----> http://www.bastille-linux.org/
I also wrote a full script for building a chroot, if you want it sdouble, just post, I'd be happy to pass it on.
As stated just above, look into chroot. It is a great tool. However, there are some simple ways to get out of certain ones if you have programs running setuid root. So beware. And also know they are slightly difficult to set up if users can run programs. But if it's just for FTP purposes then it's not an issue if they can't see binaries on the system.
As far as the setuid, Bastille takes care of all of that for you in the hardening process, I believe it takes all the "sticky bits," setuid bits off by default so only root can run "potentially dangerous" programs. Of course you can say no to this option and just take the setuid privileges off manually too if you want to customize it so that users can run some of them. The chroot tutorial that I stated above is a pretty secure jail. Don't think anyone could really get out w/out access to a C-compiler.
At least no one has yet.. lol
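The setuid caveat raised in the replies above can be checked mechanically. The following is an added example, not code from the thread or from the linked HOWTO: a shell audit of a jail directory for setuid/setgid files, device nodes and loosely writable directories. The function names and the jail path argument are assumptions.

```shell
#!/bin/sh
# Audit a chroot jail for weaknesses that undermine the confinement.
# Usage (as root, so every file is readable): sh audit_jail.sh /path/to/jail
# The jail path is an assumption; pass your own jail root.

# Setuid or setgid regular files: a privileged binary inside the jail is
# the classic way a jailed user regains root and leaves the chroot.
jail_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Block and character device nodes: raw disk or memory devices inside
# the jail give access to data that lives outside it.
jail_device_nodes() {
    find "$1" -xdev \( -type b -o -type c \) -print
}

# Directories writable by group or other without the sticky bit:
# one jailed user can replace or remove another user's files there.
jail_loose_dirs() {
    find "$1" -xdev -type d \( -perm -0020 -o -perm -0002 \) \
        ! -perm -1000 -print
}

# Run every check, print findings per check, return non-zero if any.
audit_jail() {
    jail=$1
    findings=0
    for check in jail_setid_files jail_device_nodes jail_loose_dirs; do
        out=$($check "$jail")
        if [ -n "$out" ]; then
            printf '[%s]\n%s\n' "$check" "$out"
            findings=$((findings + $(printf '%s\n' "$out" | wc -l)))
        fi
    done
    printf 'findings: %d\n' "$findings"
    [ "$findings" -eq 0 ]
}

# Only audit when a jail path was given on the command line.
if [ "$#" -ge 1 ]; then
    audit_jail "$1"
fi
```

A non-zero exit status makes the script usable from cron or a provisioning step, so a jail that gains a setuid binary after a package copy is flagged before users log in.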