LinuxQuestions.org

bluenix 03-04-2005 03:22 PM

Users can only see home directory
 
Hi,

On my Fedora system, I want users to be only able to see their home directory and all the subfolders.
Right now, when I add a new user using "useradd", they can all see the content in every directory, even the "/".
What can I do to achieve this?

Matir 03-04-2005 03:44 PM

You'll need to use a chroot in order to achieve this.

Note, however, if they are in a chroot, they need a copy of EVERY program, even things like /bin/ls, that they will want to run, in their home directory (i.e., /home/USERNAME/bin). This can be accomplished, I think, by using hardlinks to the real files. Of course, that would only work if /home and /bin reside on the same partition. Most likely, you'll need to make full copies (or explore alternatives, like using busybox, and creating a /home/bin to which you can make hardlinks for each user).

or1onas 03-09-2005 04:32 AM

One question about chroot:
I've managed to create a chrooted env for a user that I need in order to connect through ssh,
so I copied all the needed files and created a second 'virtual hierarchy'.
The thing is:
When I connect through an ssh client, the hierarchy has:

/
|--bin
|
|--dev
|
|--home
|
|--lib
|
|--usr

Is there some way to make all the folders except home invisible?

JZL240I-U 03-09-2005 10:09 AM

Um, I simply would have removed the read flags of the directories for group users except on home and below...

DaFrawg 03-09-2005 10:14 AM

Are you able to run things when you can't see them? In other words, can one run /bin/ls when one doesn't have the permission to read the folder /bin?

JZL240I-U 03-09-2005 10:16 AM

Should be possible, there's the executable flag as well. Why don't you try? (I'm sitting at a Windows box right now ... :rolleyes: ).

or1onas 03-09-2005 11:15 AM

I thought you'd say that, so I've already tried, but it seems that DaFrawg is right.
When I chmod o-r, nothing works...

Lakefall 03-09-2005 04:54 PM

You removed the read permission from all the executables, didn't you? That doesn't work. Try removing it from directories only.
Code:

chmod o-r `find / -type d`

I have no idea what kind of problems this might cause. Should be interesting. ;)

Lakefall 03-09-2005 04:59 PM

The previous command might not work.
Code:

find / -type d -print0 | xargs -0 chmod o-r

This should be better.

or1onas 03-10-2005 02:18 AM

I'll try that later and I'll tell you if it works...
Btw, I did 'chmod o-r' for /usr,/bin,/dev,/lib.
Does that make a recursive change on the files too?

or1onas 03-10-2005 02:43 AM

It seems I made some mistake yesterday.
I just chmoded the folders and now the user is not able to open them.
The only thing that remains now is to make them invisible... any ideas?

JZL240I-U 03-10-2005 02:47 AM

Did you also chmod / ?

or1onas 03-10-2005 02:56 AM

Quote:

Originally posted by JZL240I-U
Did you also chmod / ?

That was it! Thank you all guys for helping me out! :D :D :D

Lakefall 03-10-2005 12:05 PM

Quote:

Originally posted by or1onas
I'll try that later and I'll tell you if it works...
Btw, I did 'chmod o-r' for /usr,/bin,/dev,/lib.
Does that make a recursive change on the files too?

Not unless you did "chmod -R o-r [directory]".

I don't know if it matters, but I think you still have the subdirectories in /usr etc. listable as long as a user can guess their names (which shouldn't be too difficult for the standard directories). Why are you doing this anyhow?

or1onas 03-10-2005 01:49 PM

You're right about the directories being listable if guessed (which is not too difficult of course), but no dir listing access is given to them by chmod -r.
So the user can only get inside his home folder and try to cd to /bin,/lib,etc but he gets a permission denied if he tries to do an ls...
I've already said that I set up an ssh server for sftp and I created a chrooted environment for security reasons...
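
Added example, not part of any post in this thread: a shell sketch of what the thread converges on, removing "other" read from every directory of the chroot (including its top directory) except home, then reporting which directories are listable and which are merely unlisted but still reachable by a known name, which is the caveat Lakefall raises. The temp-dir tree, the usr/bin and home/user names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed tree in a temp dir; nothing touches the real /.
# It inspects mode bits instead of attempting access, because root bypasses them.

# Build the chroot layout from the thread (names under usr/ and home/ are made up).
make_tree() {
    mkdir -p "$1/bin" "$1/dev" "$1/lib" "$1/usr/bin" "$1/home/user"
    find "$1" -type d -exec chmod 755 {} +
}

# Remove "other" read (listing) from every directory, including the top one,
# but skip home and everything below it. o+x is left alone.
harden_tree() {
    find "$1" -path "$1/home" -prune -o -type d -exec chmod o-r {} +
}

# Directories "other" can list (o+r set), relative to the tree root.
listable_dirs() {
    (cd "$1" && find . -type d -perm -004 | LC_ALL=C sort)
}

# Directories "other" cannot list but can still enter or pass through
# (o+x without o+r): a known name such as bin/ls stays reachable.
unlisted_but_reachable() {
    (cd "$1" && find . -type d -perm -001 ! -perm -004 | LC_ALL=C sort)
}

demo_root=$(mktemp -d)
make_tree "$demo_root"
harden_tree "$demo_root"
echo "listable by other:"; listable_dirs "$demo_root"
echo "hidden, still reachable by name:"; unlisted_but_reachable "$demo_root"
rm -rf "$demo_root"
```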


All times are GMT -5.