Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Now I have never needed to share my server, but recently a few friends of mine want to host some pictures from my server, no problem as i already run a website from home,
I created a user ie, james, I then created a symlink from his home directory to /var/www/html/james
great, tested it all out allworks, but the user has access to the whole server via ssh, how can I only allow him to use, his home dir, and the sym link i created in there to var/www/html/james
The reason it's all so tricky is that jailing a user to a certain directory tree involves 'chroot'ing' them - physically changing what their session views as the "root" of the system's directory structure. This means that done improperly, they can type "cd /" and they'll actually get to /var/www/html (or whatever you've got it set up to be). They won't be able to see any other parts of your directory structure... which include /bin/, /usr/bin, /dev, /home, etc - and without those, most commands won't work at all. Take a look at just what would be off-limits were they not allowed access to /bin, and you'll see what I mean.
So chroot'ing involves rerouting a lot of that stuff into whatever directory you want the user jailed into, so they can have a more or less usable system.
Something else to check is what he can actually DO with the rest of the server. Chances are good he can read everything, but that in and of itself isn't a problem. He most likely can't write most of the other places.Just make sure you lock him down if you give him sudo ability. Check out man sudo (if you are aven going to allow him sudo access), and restrict his ability to not do anything other than restart httpd and anything along those lines that he may need.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
