Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
While this should probably be possible, ALL programs you want them to be able to run... and all shared libraries... must be located within the chroot. This includes bash. Also, in order for them to change their own password, they would need access to /etc/shadow.
you can't login via ssh using rbash as shell? Hm. I didn't know that.
maybe you could login normally and then start rbash using the .~/.bashrc script (or some of the other bash scripts). The script would execute rbash and then exit right away once the rbash session is done. Might work. You should first probably check how your system behaves when you login normally and then execute
from the command line.
you could simply remove access permissions to the directories. Just remove read and execute permissions for others to the directories owned by root and nobody except root will have access to them. It's no good for the directories containing bash and the needed libraries though.
what exactly are the restrictions you want? If you just don't want users to have read/write access to certain files, you can accomplish that by setting the permissions to these files and directories in the way you want.
If you want something like chroot, you will have to figure out which binaries and libraries are required at the minimum (it could quite a lot) and move them to your home directory. You can chroot if you set the sticky bit for chroot and then have it executed by .bash_profile. But it's gonna be a pain...