LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 04-03-2007, 04:25 PM   #1
paroxsitic
LQ Newbie
 
Registered: Apr 2007
Posts: 10

Rep: Reputation: 0
Locking SSH user to home directory.


It is my understanding that I have to look more into chroot. Upon research I've found chroot is used mostly for making community jails. That is, a directory like /home/jail is used as a fake root. Each user apart of the jail has a normal /home/jail/home/username home and it seems to them they are are not in a jail. It's mostly like this because jails require their own bin and lib files among other things, and this is also way you can pick and choose which commands your jailed users run.

I don't need some fancy emulated effect of a root. I am mostly interested in keeping users out of other users home directories. It would be ideal if by simply trying to cd out of their home directory they get a PERMISSION DENIED.

I have already achieved this with FTP by means of proftpd. Now I'd like this same setup for SSH and SFTP. Any and all information that contains the most basic and simplistic way I can set up this security will be appreciated.
 
Old 04-03-2007, 04:36 PM   #2
TomGibbons
Member
 
Registered: Sep 2003
Location: San Diego, CA
Distribution: Fedora 8 and CentOS 5.1
Posts: 31

Rep: Reputation: 15
Quote:
Originally Posted by paroxsitic
...I am mostly interested in keeping users out of other users home directories...
Well they shouldn't have access to other users' home directories at all anyway, unless your permissions are jacked up. Have you tried it and successfully moved into the home directory of another user?
 
Old 04-03-2007, 06:50 PM   #3
paroxsitic
LQ Newbie
 
Registered: Apr 2007
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TomGibbons
Well they shouldn't have access to other users' home directories at all anyway, unless your permissions are jacked up. Have you tried it and successfully moved into the home directory of another user?
My permissions must be jacked up then. I need their /home/username/www and home/username/palace/media both of these have to be executable by anyone to my understanding. Both of them are just symbolic links to websites, and apache says you dont have permission to view the files when I get rid of executable rights for their home directory.

I also dont want the home directory to be visible at all. One reason is because when you ls -l the home directory it shows all the user names. I could have their home directory named something besides their username, but then my webmin modules use the logged in user for reference.

Last edited by paroxsitic; 04-03-2007 at 06:53 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Active Directory User Cannot Write to Samba Home Directory jonwatson Linux - Networking 2 12-19-2006 01:40 PM
Locking users to home directory... CRCool75 Linux - Networking 3 08-19-2006 07:03 AM
locking a user in his home dir codewolf Linux - Security 6 05-11-2006 08:42 PM
Locking user into /home/user zaimor Linux - Security 10 11-06-2005 07:34 PM


All times are GMT -5. The time now is 06:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration