Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: Solaris 9, FreeBSD 4.10, Slackware, RedHat, Knoppix,
Posts: 84
user jailing ?
Hi,
I would like to know if there is a way (well, there certainly is) to lock a particular user (or all users) in their home directory. This is exactly what I'm looking for -
There is a centrally located Linux (RedHat 9.0) server to which users log in to their shell accounts. Now what I want to do is to restrict the users to their home directory so that they can't move out of their home directory - in other words chroot $HOME - but that is only possible as r00t. I tried adding a "chroot $HOME" line in /etc/bashrc but that can be executed only as root. So is there a way that whenever someone logs in, he can't move out of his home directory - both for FTP and shell...
Yes, it can be done, but remember chroot restricts whomever or whatever is inside the jail to just what's in the jail with them. Meaning they cannot access any applications or files not installed inside the jail. For instance, if you simply run "chroot /tmp" as root you will get an error about not being able to find /bin/bash because there is no /bin/bash inside the jail. But if you copy /bin/bash to /tmp/bin/bash and any dependencies it has into the jail as well, it will work. You cannot simply prevent a user from moving about the file system while at the same time allowing the user to use those files. Make sense? Anyway here is a link to a project that sets it up for you.
You could also set up Virtual Machines which are completely separate systems all running on and sharing the same hardware. But at the end of the day the simplest thing to do is to not give shell access to those you do not trust, else you are just asking for trouble.
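The step described in the reply above (copying /bin/bash and its dependencies into the jail), written out as a script. This is an added example, not part of the original thread or the linked project; the function names and the jail path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: populate a chroot jail with binaries and the shared
# libraries they load. Run ldd only on trusted system binaries, since ldd
# may execute code from the file it inspects.

# copy_into_jail JAIL FILE: copy FILE to the same absolute path under JAIL,
# following symlinks so the jail holds real files.
copy_into_jail() {
    jail=$1 src=$2
    dest="$jail$src"
    [ -e "$dest" ] && return 0
    mkdir -p "$(dirname "$dest")" || return 1
    cp -L "$src" "$dest"
}

# list_deps BINARY: print absolute paths of the shared objects BINARY needs.
# ldd prints "name => /path (addr)" or "/path (addr)"; entries without a
# path (for example the vDSO) and static binaries produce no output here.
list_deps() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }'
}

# build_jail JAIL BINARY...: copy each BINARY and its libraries into JAIL.
build_jail() {
    jail=$1; shift
    mkdir -p "$jail" || return 1
    for bin in "$@"; do
        case $bin in
            /*) ;;
            *) echo "need absolute path: $bin" >&2; return 1 ;;
        esac
        [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
        copy_into_jail "$jail" "$bin" || return 1
        for lib in $(list_deps "$bin"); do
            copy_into_jail "$jail" "$lib" || return 1
        done
    done
}

# Usage (as root; /home/jail/alice is a hypothetical jail directory):
#   build_jail /home/jail/alice /bin/bash /bin/ls
#   chroot /home/jail/alice /bin/bash
```

Only the binaries passed to `build_jail` exist inside the jail, which is the restriction the reply describes: anything not copied in is unavailable to the jailed user.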
Distribution: Solaris 9, FreeBSD 4.10, Slackware, RedHat, Knoppix,
Posts: 84
Original Poster
Thanks for the help guys,
setting up a chroot "jail" is one of the most time consuming things in Linux... Is this the only way I can restrict shell commands (pfffft). Well then for each and every user I'll have to spend huge time (maybe I'll write a script?).
Is there any other way to do it... like, is this how all the website providers and free shell providers achieve doing it?