LinuxQuestions.org
Old 09-12-2012, 11:49 AM   #1
rebelscum1
LQ Newbie
 
Registered: Sep 2012
Posts: 16

Rep: Reputation: Disabled
Grant access to /home but no higher


I'm setting up vsftp on Ubuntu Natty Narwhal & have configured chroot to jail basic user accounts. However, I'd like to create a 'power user' account that can browse the user folders in /home but not go any higher within the system.
What I've done so far is I've created a default user account with 'adduser' then added the account to 'chroot_list'. But I don't want it to be able to browse the entire system, just within /home. Is there a 'best practice' method?
Thanks,
 
Old 09-12-2012, 11:52 AM   #2
cortman
Member
 
Registered: Jan 2012
Location: ZZ9 Plural Z Alpha
Distribution: Crunchbang 11, LFS 7.3, DSL 4.1.10, Lubuntu 12.10, Debian 7
Posts: 219

Rep: Reputation: 43
Why not just set rwx permissions accordingly, and deny sudo to chmod for the "superuser"?
 
1 members found this post helpful.
Old 09-13-2012, 07:44 AM   #3
rebelscum1
LQ Newbie
 
Registered: Sep 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
You are suggesting lock down perms on each folder in the root dir [bin, boot, dev etc]? That sounds good! But how? [sorry I'm a complete 'noob' at this stage]
At the moment, an account is either jailed & can only see their own home folder, or 'free' & can access everything. I'd like to set up something in between.
I see there is the option to run 'Bastille' but it appears to be recommended for more advanced users.
 
Old 09-13-2012, 08:35 AM   #4
rebelscum1
LQ Newbie
 
Registered: Sep 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Making progress now thanks,
Code:
sudo chmod o-rwx group1
where 'group1' could be any group in the root directory that I want to prevent 'others' [the 'o' part of the above code] from gaining access.
Tested in Filezilla & looking good.

http://manpages.ubuntu.com/manpages/...1/chmod.1.html
 
Old 09-13-2012, 08:53 AM   #5
jsaravana87
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Debian
Posts: 558
Blog Entries: 5

Rep: Reputation: Disabled
I think these may help you

http://www.cyberciti.biz/faq/restric...ectories-only/
 
1 members found this post helpful.
Old 09-13-2012, 09:54 AM   #6
cortman
Member
 
Registered: Jan 2012
Location: ZZ9 Plural Z Alpha
Distribution: Crunchbang 11, LFS 7.3, DSL 4.1.10, Lubuntu 12.10, Debian 7
Posts: 219

Rep: Reputation: 43
Looks good so far. Arun's link is useful as well.
 
Old 09-13-2012, 12:17 PM   #7
rebelscum1
LQ Newbie
 
Registered: Sep 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
My latest attempt, just gonna do a backup before I start applying to the root dir folders...
Thanks for your pointers!

1. creating a new folder in root
sudo mkdir /testfol

2. set owner & owner group for the folder
sudo chown root:sudo /testfol

3. define owner/group/other permissions (with chmod, not chown)
sudo chmod -R 770 /testfol

4. Restart FTP
sudo service vsftpd restart
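
Added example, not part of the thread: a small shell audit for the permission changes made in posts #4 and #7. It reports whether the "other" class still has any access to a directory; the function names and the scratch-directory demo are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the "other" permission bits that
# the chmod commands in posts #4 and #7 change.

# Print the "other" triplet of a path's mode string, e.g. "r-x" or "---".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# Succeed only if "other" has no read, write or execute/search permission.
# "--T" is the sticky bit without execute, so it still counts as locked.
other_locked() {
    case "$(other_bits "$1")" in
        ---|--T) return 0 ;;
        *)       return 1 ;;
    esac
}

# Report every argument as LOCKED or OPEN together with its full mode string.
audit_dirs() {
    for d in "$@"; do
        [ -e "$d" ] || { printf 'MISSING %s\n' "$d"; continue; }
        mode=$(ls -ld -- "$d" | cut -c1-10)
        if other_locked "$d"; then state=LOCKED; else state=OPEN; fi
        printf '%-7s %s %s\n' "$state" "$mode" "$d"
    done
}

# Constructed demo in a scratch directory: mirrors steps 1 and 3 of post #7
# without sudo or chown, so it can run as an unprivileged user.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/testfol" "$scratch/untouched"
    chmod 755 "$scratch/testfol" "$scratch/untouched"
    chmod -R 770 "$scratch/testfol"
    audit_dirs "$scratch/testfol" "$scratch/untouched"
    rm -rf "$scratch"
}

# With arguments, audit those paths (e.g. /home /testfol); otherwise run the demo.
if [ "$#" -gt 0 ]; then audit_dirs "$@"; else demo; fi
```

Run it with paths as arguments to compare the state before and after a chmod. System directories such as /bin and /lib normally carry r-x for "other" so that unprivileged accounts can run programs, so review the report before changing them.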
 
  


All times are GMT -5.