LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-02-2009, 08:00 PM   #1
PhloxLot
LQ Newbie
 
Registered: Aug 2009
Location: Staten Island, NY
Distribution: Ubuntu 8.04
Posts: 3

Rep: Reputation: 0
limit what folder a user can access when using ssh and an editor


I have a jail setup on a server where my students logon using ssh and they program using vim. My jail setup currently allows them to only work in the directory /home/jail/home/username and only issue select shell commands. I would like to extend the use of an editor or IDE but I don't know how to prevent them from going "up-stream"(outside of their own folder) when they do a file-->open, or edit or save from the editor.

When they open an editor from their ssh terminal window, are they opening a child process or an completely independent process? If they are opening a child process, I have a script that filters their commands and limits what they can do. I would think that I could filter commands issued from the editor within this script. Correct? If not, how would I do it?

Last edited by PhloxLot; 08-02-2009 at 08:03 PM.
 
Old 08-03-2009, 01:08 AM   #2
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 66
I've never worked with chroot but I'll at least say that AFAIK, if the user is properly jailed, and runs vi, vi should only be able to access files in the jail. anything in a higher directory simply shouldn't exist.
 
Old 08-03-2009, 07:32 AM   #3
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,287

Rep: Reputation: 97
Anything spawned from the ssh session should be a child process of that SSH session, if you were to look at it in pstreee you would see that. However, how are you going to run the IDE is it a test based IDE or GUI based, if GUI based how are you going to run that?
 
Old 08-03-2009, 03:21 PM   #4
tuxhats
Member
 
Registered: Dec 2005
Location: Austin, Texas area
Distribution: I have multiple Distos available, but I mostly use Ubuntu.
Posts: 47

Rep: Reputation: 16
pstrace or strace may be what you need to use in some matter. I'm not sure how to implement this should a user, from a shell enter say, gedit. Can it capture say "File Open" and return the users home directory as the highest file level they can see? Perhaps someone in the forum we have here called "Non-*NIX" under "Programming" might be of help.

Last edited by tuxhats; 08-03-2009 at 03:43 PM.
 
  


Reply

Tags
editor, security, ssh, using


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Limit access to folder from all, even root robinsodergren Linux - Security 9 03-12-2009 10:11 AM
limit new userid with no shell to access particular folder only itik Linux - Security 1 10-08-2008 04:59 AM
Folder Max Size and Limiting SSH access to home folder. Mefistofeles Linux - General 4 11-26-2005 02:09 PM
user/folder size limit dfcc Linux - Software 5 10-08-2005 05:56 AM
Limit folder access in NFS Min Donner Linux - Networking 7 08-20-2004 01:54 PM


All times are GMT -5. The time now is 12:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration