LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.
Old 10-13-2005, 03:49 AM   #1
Pacux
LQ Newbie
 
Registered: Sep 2005
Posts: 19

Rep: Reputation: 0
limit user access


How to limit user access so the user can't leave his home directory?
 
Old 10-13-2005, 07:00 AM   #2
mjjzf
Member
 
Registered: Feb 2004
Location: Valby, Denmark / Citizen of the Web
Distribution: Slackware 14.1
Posts: 879

Rep: Reputation: 38
Can't you just chmod -R the whole system, so only the owner can read and write to files?
 
Old 10-13-2005, 07:01 AM   #3
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 773
Blog Entries: 6

Rep: Reputation: 75
Thread (16 views), no one answered.

I can't answer you either because I don't understand what you need. Please explain in a little more detail.

cheers
 
Old 10-13-2005, 07:10 AM   #4
Pacux
LQ Newbie
 
Registered: Sep 2005
Posts: 19

Original Poster
Rep: Reputation: 0
I think I want the users to view what is in their home directory, and only that, so that a user who tries to write cd .. in his home directory only ends up in his home directory. The home directory is the user's root directory.
 
Old 10-13-2005, 07:19 AM   #5
mjjzf
Member
 
Registered: Feb 2004
Location: Valby, Denmark / Citizen of the Web
Distribution: Slackware 14.1
Posts: 879

Rep: Reputation: 38
Hehe. You could change the file permissions to make the cd command root-only. But that won't change much if they know the system - they can still fsck up the files. But why can't they leave their /home? It is not as if they can change anything anyway, if they are not root?
 
Old 10-13-2005, 07:38 AM   #6
Gort32
Member
 
Registered: Sep 2004
Distribution: Slack!
Posts: 150

Rep: Reputation: 15
The "proper" way to do this would involve chroot but then you are going to have to set up an entire mini-filesystem within their home directory. This might be worth it if you are dealing with allowing members of the general public access to your server (e.g. hosting service) but if this is a general-use workstation or a server for a small group I wouldn't worry about it - *nix in general was built from the ground up to be a fully-multiuser system.
 
Old 10-13-2005, 07:48 AM   #7
ringwraith
Senior Member
 
Registered: Sep 2003
Location: Indiana
Distribution: Slackware-current
Posts: 1,244

Rep: Reputation: 47
You don't want anything other than their own /home directory to be readable. Do you want any binaries in /bin, /sbin, /usr/ to be executable? The real key is not to give anyone an account that you don't trust.

Last edited by ringwraith; 10-13-2005 at 07:50 AM.
 
Old 10-13-2005, 08:04 AM   #8
mjjzf
Member
 
Registered: Feb 2004
Location: Valby, Denmark / Citizen of the Web
Distribution: Slackware 14.1
Posts: 879

Rep: Reputation: 38
Thumbs up

Interesting admin approach, RW: Only allow trusted people on the system.
Of course, this would make you a very hungry ISP...
The right thing here would, perhaps, be to play with group settings where users and members of the group 'users' can't see, well, anything but /home. Then other groups can be defined separately. But there is much work in this.

Last edited by mjjzf; 10-13-2005 at 08:05 AM.
 
Old 10-15-2005, 05:43 PM   #9
Pacux
LQ Newbie
 
Registered: Sep 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by Gort32
The "proper" way to do this would involve chroot but then you are going to have to set up an entire mini-filesystem within their home directory. This might be worth it if you are dealing with allowing members of the general public access to your server (e.g. hosting service) but if this is a general-use workstation or a server for a small group I wouldn't worry about it - *nix in general was built from the ground up to be a fully-multiuser system.
Would you explain the usage of chroot to me?
 
Old 10-15-2005, 07:26 PM   #10
Gort32
Member
 
Registered: Sep 2004
Distribution: Slack!
Posts: 150

Rep: Reputation: 15
chroot is pretty complicated... Wikipedia can explain it better than I

Quote:
A chroot on Unix operating systems is an operation which changes the root directory. It affects only the current process and its children. "chroot" itself can refer to the chroot(2) system call or the chroot(8) wrapper program.

A program that is re-rooted to another directory cannot name files outside that directory. This provides a convenient way to sandbox an untrusted, test or otherwise dangerous program. It is also a simple kind of jail mechanism.

In practice, chrooting is complicated by programs expecting at startup to find scratch space, configuration files, device nodes and shared libraries at certain preset locations. To allow programs to spawn inside the chroot directory, it must be populated with a minimum set of these files, preferably carefully chosen so as not to allow unintended access to the outside system.

Programs are allowed to carry open file descriptors (for files, pipelines and network connections) into the chroot, which can simplify jail design by making it unnecessary to leave working files inside the chroot directory. This also works as a simple capability system, in which the program is explicitly granted access to resources outside the chroot based on the descriptors it can carry in.
http://en.wikipedia.org/wiki/Chroot

Like I said, it is rather complicated... Do some research on chroot jail and you should be able to find the answers that you seek.
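
Added example, not part of any post in this thread: the quoted text says a chroot directory must be populated with the files a program expects at startup. These shell functions copy a binary and the shared libraries that ldd reports into a jail directory; the function names and the /home/jail path are assumptions, and --userspec is the GNU coreutils chroot option.

```shell
#!/bin/sh
# Added example: populate a minimal chroot jail. Function names and the
# /home/jail path are illustrative assumptions, not from the thread.

# Print the absolute paths of the shared libraries and dynamic loader a
# binary needs. Static binaries print nothing. ldd may execute the file
# it inspects, so run it only on trusted system binaries.
jail_libs() {
    { ldd "$1" 2>/dev/null || true; } |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
        sort -u
}

# Copy one file into the jail at the same absolute path, following
# symlinks so the jail holds real files rather than dangling links.
jail_copy() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp -fL "$src" "$jail$src"
}

# Populate the jail with each listed binary plus the libraries it loads.
# Keep these files root-owned so the jailed user cannot replace them.
jail_populate() {
    jail=$1; shift
    for bin in "$@"; do
        jail_copy "$jail" "$bin"
        for lib in $(jail_libs "$bin"); do
            jail_copy "$jail" "$lib"
        done
    done
}

# Start a shell inside the jail as an unprivileged user:group.
# Must be called as root; the privileges are dropped before /bin/sh runs,
# because a process that stays root inside a chroot can leave it.
jail_enter() {
    chroot --userspec="$2" "$1" /bin/sh
}

# Typical use, as root:
#   jail_populate /home/jail /bin/sh /bin/ls
#   jail_enter /home/jail someuser:users
```
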
 
Old 10-17-2005, 07:52 AM   #11
ringwraith
Senior Member
 
Registered: Sep 2003
Location: Indiana
Distribution: Slackware-current
Posts: 1,244

Rep: Reputation: 47
OsourceDiplomat: I guess I assumed a Sysadmin for an ISP would not be on LQ asking how to do this. I took him to be a home user that was going to offer shell accounts to his buddies.
 
All times are GMT -5.