LinuxQuestions.org
Old 08-14-2010, 05:15 PM   #1
booyeeka
LQ Newbie
 
Registered: Apr 2010
Posts: 12

Rep: Reputation: 0
User that can not move from his own home dir


Is it possible to make it so that a user cannot move from his own home directory?

thank you in advance!
 
Old 08-14-2010, 05:27 PM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,601

Rep: Reputation: 2570
Quote:
Originally Posted by booyeeka
Is it possible to make it so that a user cannot move from his own home directory?

thank you in advance!
Maybe, but you provide no details.

What KIND of user? (console? SSH? Telnet? FTP?). What version/distro of Linux? What you're talking about is "chroot", and can be done for SSH and FTP users. You can probably script something to make sure the user can't change directories above their own home dir, too, depending on what you're talking about.
 
Old 08-14-2010, 05:29 PM   #3
myposts
Member
 
Registered: Jun 2010
Posts: 46

Rep: Reputation: 21
simply...

You modify a shell profile for the user with an alias for cd command that will block/substitute his attempts to move elsewhere. Make the profile file writable to root only, so the user could not overwrite it, yes, don't forget exporting it.

I hope it helps. See "Learn Linux for a Beginner" DVDs by unixacademy.com for questions like that.

Last edited by myposts; 08-14-2010 at 05:30 PM.
 
Old 08-14-2010, 05:31 PM   #4
booyeeka
LQ Newbie
 
Registered: Apr 2010
Posts: 12

Original Poster
Rep: Reputation: 0
It's for an SSH user.

So, let's call it a regular-no-root user, that belongs to some custom group...
 
Old 08-14-2010, 07:04 PM   #5
jv2112
Member
 
Registered: Jan 2009
Location: New England
Distribution: Arch Linux
Posts: 718

Rep: Reputation: 102
Am I being too simple---->

chmod -R 700 /
 
Old 08-14-2010, 07:41 PM   #6
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,601

Rep: Reputation: 2570
Quote:
Originally Posted by jv2112
Am I being too simple---->
chmod -R 700 /
Yes...because with those permissions, no one except root could get to the /etc directory, to read default profile information, password/shadow files, etc. They'd also be unable to start a shell, since they're in /bin/bash, which would be excluded from the path by those permissions, not to mention all the applications you'd break by doing that recursively from root.

Quote:
Originally Posted by myposts
You modify a shell profile for the user with an alias for cd command that will block/substitute his attempts to move elsewhere.
..except that the user will then be unable to change directories WITHIN his own home directory.

Quote:
Originally Posted by booyeeka
It's for an SSH user.
So, let's call it a regular-no-root user, that belongs to some custom group...
You STILL say nothing about version/distro of Linux. Read my first post again, about SSH supporting chroot'ed users. It effectively makes their own home directories look like the "/" directory. Since they're already effectively at top-level, they obviously can't go up, or anywhere else, if they're chroot'ed. Since you don't give any details about version/distro of Linux, go to Google and look up "linux chroot ssh" for your version. Follow the instructions.

Last edited by TB0ne; 08-14-2010 at 07:45 PM.
 
Old 08-15-2010, 01:52 AM   #7
booyeeka
LQ Newbie
 
Registered: Apr 2010
Posts: 12

Original Poster
Rep: Reputation: 0
It's the Fedora distro, but I don't know why it's distro-related...
 
Old 08-15-2010, 02:03 AM   #8
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,114

Rep: Reputation: 312
You do realize you'll need to put copies of all the required binaries and libraries into the chroot'ed environment, right? Nine times out of ten when I see someone doing this they're going on a roundabout way to solve some particular problem. What exactly are you trying to accomplish by limiting a user to his home directory? On a well-secured system it's generally not a problem to let the user traverse the file system unless you have some very special requirements.

In any case look into chrooting ssh ... if you Google there are a number of guides on how to do it. You can also put bash into restricted mode which will let the user access needed binaries and libraries, but won't let them change directories at all IIRC so they're stuck in their home directory. Depending on your exact requirements, this may be good enough.
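
The restricted-mode option mentioned in the post above, as an added example that is not part of any post in this thread: it runs a handful of commands under `bash -r` with a PATH that contains only an allow-list directory and reports which ones are refused. The allow-list contents and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: probe what bash restricted mode (bash -r) refuses.
# The allow-list directory and its contents are constructed for illustration.

BASH_BIN=$(command -v bash)

# make_allowlist DIR PROG...: create DIR holding symlinks to the only
# programs the restricted user may run (DIR becomes their whole PATH).
make_allowlist() {
    al_dir=$1; shift
    mkdir -p "$al_dir"
    for al_prog in "$@"; do
        ln -sf "$(command -v "$al_prog")" "$al_dir/$al_prog"
    done
}

# rbash_try DIR CMD: run CMD in a restricted shell with a clean
# environment and PATH=DIR. Exit status 0 means CMD was allowed.
rbash_try() {
    env -i PATH="$1" "$BASH_BIN" --noprofile --norc -r -c "$2" >/dev/null 2>&1
}

# rbash_report DIR: print allowed/blocked for the cases relevant here:
# changing directory, naming a command by path, editing PATH, redirecting.
rbash_report() {
    for rr_cmd in 'ls' 'cd /' 'cd ..' '/bin/ls' 'PATH=/bin:/usr/bin' 'echo x > leak.txt'; do
        if rbash_try "$1" "$rr_cmd"; then rr_res=allowed; else rr_res=blocked; fi
        printf '%-22s %s\n' "$rr_cmd" "$rr_res"
    done
}

# Run with --demo to build a throwaway allow-list and print the report.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    make_allowlist "$demo_dir/bin" ls
    (cd "$demo_dir" && rbash_report "$demo_dir/bin")
    rm -rf "$demo_dir"
fi
```

To apply this to a login, the account's shell is set to a restricted bash (bash started under the name `rbash` behaves as `bash -r`) and its PATH is pointed at the allow-list directory from a profile the user cannot modify. The restriction is only as tight as the allow-list, since any listed program that can start other programs runs them unrestricted.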
 
Old 08-15-2010, 12:11 PM   #9
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,601

Rep: Reputation: 2570
Quote:
Originally Posted by booyeeka
It's the Fedora distro, but I don't know why it's distro-related...
First, it's common courtesy to supply details when asking a question.

Second, as said before, the instructions/packages for setting up chroot'ed SSH vary by distro. So what works on Ubuntu, won't necessarily work on Fedora, that's why.
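
The chroot setup discussed in posts #6 and #8, as an added example that is not part of any post in this thread: it copies a binary and the shared libraries `ldd` reports for it into a jail directory, lists anything still missing, and prints an `sshd_config` block using OpenSSH's `ChrootDirectory` directive. The jail path `/srv/jail` and the group name `jailed` are assumptions.

```shell
#!/bin/sh
# Added example: populate a chroot tree for an SSH login and emit the
# matching sshd_config block. Jail path and group name are assumptions.

# jail_deps BIN: print every absolute path ldd reports for BIN.
jail_deps() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | sort -u
}

# jail_add JAIL BIN: copy BIN and its shared objects into JAIL under the
# same absolute paths, so the dynamic loader finds them after chroot.
jail_add() {
    for ja_f in "$2" $(jail_deps "$2"); do
        mkdir -p "$1$(dirname "$ja_f")" || return 1
        cp -L "$ja_f" "$1$ja_f" || return 1
    done
}

# jail_missing JAIL BIN: list files BIN needs that JAIL does not have yet.
jail_missing() {
    for jm_f in "$2" $(jail_deps "$2"); do
        [ -e "$1$jm_f" ] || echo "$jm_f"
    done
}

# sshd_stanza GROUP JAIL: sshd_config block confining GROUP to JAIL.
# sshd requires JAIL and every parent directory to be owned by root and
# not writable by group or others, or it refuses the login.
sshd_stanza() {
    printf 'Match Group %s\n' "$1"
    printf '    ChrootDirectory %s\n' "$2"
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
}

# Usage (as root): sh jail.sh /srv/jail jailed /bin/bash /bin/ls
if [ "$#" -ge 3 ]; then
    jail=$1 group=$2; shift 2
    for bin in "$@"; do jail_add "$jail" "$bin" || exit 1; done
    sshd_stanza "$group" "$jail"
fi
```

An interactive login inside the jail also needs basic device nodes under its own `/dev`; sshd_config(5) names null, zero, stdin, stdout, stderr and tty.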
 
  

