Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
is it possible to make that user can not move from his own home directory?
thank you in advance!
Maybe, but you provide no details.
What KIND of user? (console? SSH? Telnet? FTP?). What version/distro of Linux? What you're talking about is "chroot", and can be done for SSH and FTP users. You can probably script something to make sure the user can't change directories above their own home dir, too, depending on what you're talking about.
You modify a shell profile for the user with an alias for cd command that will block/substitute his attempts to move elsewhere. Make the profile file writable to root only, so the user could not overwrite it, yes, don't forget exporting it.
I hope it helps. See "Learn Linux for a Beginner" DVDs by unixacademy.com for questions like that.
Yes...because with those permissions, no one except root could get to the /etc directory, to read default profile information, password/shadow files, etc. They'd also be unable to start a shell, since they're in /bin/bash, which would be excluded from the path by those permissions, not to mention all the applications you'd break by doing that recursively from root.
Originally Posted by myposts
You modify a shell profile for the user with an alias for cd command that will block/substitute his attempts to move elsewhere.
..except that the user will then be unable to change directories WITHIN his own home directory.
Originally Posted by booyeeka
it's for ssh user.
so, let's call it regular-no-root user, that belongs to some custom group...
You STILL say nothing about version/distro of Linux. Read my first post again, about SSH supporting chroot'ed users. It effectively making their own home directories look like the "/" directory. Since they're already effectively at top-level, they obviously can't go up, or anywhere else, if they're chroot'ed. Since you don't give any details about version/distro of Linux, go to Google and look up "linux chroot ssh" for your version. Follow the instructions.
You do realize you'll need to put copies of all the required binaries and libraries into the chroot'ed environment, right? Nine times out of ten when I see someone doing this they're going on a roundabout way to solve some particular problem. What exactly are you trying to accomplish by limiting a user to his home directory? On a well-secured system it's generally not a problem to let the user traverse the file system unless you have some very special requirements.
In any case look into chrooting ssh ... if you Google there are a number of guides on how to do it. You can also put bash into restricted mode which will let the user access needed binaries and libraries, but won't let them change directories at all IIRC so they're stuck in their home directory. Depending on your exact requirements, this may be good enough.