Limiting folders and commands for a user
Gentlemen,
I'd like to add a user that will connect to my host by FTP and execute some commands, but I want to limit his activity to a specific folder (he can't even leave that folder) and also limit his commands (he can't create files, delete anything, etc...). Thnx people. |
http://vsftpd.beasts.org/
Configure your user to be in a chroot (he can't move out of a folder) and put proper permissions (only read and list for example) |
OK, but what if I wasn't using FTP? How to reduce the commands a normal user can execute? But thnx for the answer above, guess it solves the issue for this special case...
|
I see several methods:
* Use Chrooted ssh. http://www.linuxquestions.org/questi...d.php?t=415231 The user can only execute the commands that you have put in the jail, very restrictive.
* Use PAM to restrict access to resources. I'm not very familiar yet with PAM so you will need help from someone else, sorry.
* Modify permissions on available binaries. Chmod o-x on a lot of sensitive files. |
I found a JAIL script in PERL that does all the boring stuff like copying bash into the folder so that it works, and copying dependencies. It's doing what I wanted, but there's still one doubt... If I use CHROOT, how can I do so that when the user logs in the chroot runs and makes his / the folder I want...
|
Yes, this Perl script should do the job, but I prefer to do it myself. Makejail?
To check if he is really chrooted, make a ps, take the pid of his bash. Then go in /proc/<pid> and look at the file root. This file should point to the root of the chroot. Should display root->/jail/ |
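The /proc/<pid>/root check from the last reply, applied to every process of one user, as an added example that is not part of the thread. The function names and the PROC_DIR variable are assumptions of this example; the comparison is done on a path boundary so that a root of /jailbreak is not accepted as being inside /jail.

```shell
#!/bin/sh
# Added example: verify that every process of a user has its root inside the jail.
# Run as root: /proc/<pid>/root of another user's process is not readable otherwise.
# PROC_DIR is an assumption of this example so the functions can be pointed at a test tree.
PROC_DIR="${PROC_DIR:-/proc}"

# proc_root PID: print the target of /proc/PID/root
proc_root() {
    readlink "$PROC_DIR/$1/root"
}

# is_jailed PID JAIL: 0 if the process root is JAIL or below it, 1 if not,
# 2 if the link is unreadable or JAIL is "/" (which would match everything)
is_jailed() {
    _root=$(proc_root "$1" 2>/dev/null) || return 2
    _jail=${2%/}
    [ -n "$_jail" ] || return 2
    case "$_root" in
        "$_jail"|"$_jail"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# report_uid UID JAIL: one line per process owned by UID; returns 1 if any is outside
report_uid() {
    rc=0
    for d in "$PROC_DIR"/[0-9]*; do
        [ -r "$d/status" ] || continue
        # the real UID is the first number on the Uid: line of /proc/<pid>/status
        puid=$(awk '/^Uid:/ {print $2; exit}' "$d/status" 2>/dev/null)
        [ "$puid" = "$1" ] || continue
        pid=${d##*/}
        r=$(proc_root "$pid" 2>/dev/null) || r='?'
        if is_jailed "$pid" "$2"; then
            echo "$pid $r jailed"
        else
            echo "$pid $r NOT-JAILED"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check-jail.sh USER /jail   (the script name is a placeholder)
if [ $# -ge 2 ]; then report_uid "$(id -u "$1")" "$2"; fi
```

A non-zero exit status means at least one of the user's processes has a root outside the jail, or its root link could not be read.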