I have read up on quite a number of forums from this site and a few others and I can't quite see anything that matches my question. Maybe I'm wrong, but would like to be sure.
Question:
I would be grateful if someone can help me here with regards to isolating users to their own directory only. This is mainly directed at the use and viewing from FTP, FileZilla. (obviously from command prompt too...)
What I am trying to do, or rather want to achieve is when viewing files via FileZilla and logged in as (for example) "user1", they can browse another user's ("user2") directory as well, from the /home/ folder. Each user can also browse all the system directories as well.
I want to only enable each user to only see and browse their OWN home folder. For example, USER1 should only see "/home/user1". I don't want them to be able to type in a directory structure address and be able to get to another folder that way either.
What I don't want to do is lose the + sign on the home directory if I browse out of the user's home directory. (Something I made a mistake on in the past, and the only way to get back to the user's home dir, was by typing it back in, in the address bar in FTP). I still want to be able to click back into it.
What I'm using:
I am using a vanilla install of Fedora Core 8 (yum updated to date), with the latest Webmin installed and I have created a couple of users via webmin.
I hope this makes sense?
I've played about with CHOWN and just want to be extra careful I don't give off permissions in the wrong way. Same applies with CHMOD.
Second question:
Also, I use PuTTY and tend to log in each user through their own individual session, I'm not sure how to "manage" different logins from one session. I.e. login as root and then switch to user1 and back again to root and so on..
If someone can help explain to me the above I would also appreciate it.
For the FTP part, locking down users to their home directory can be done through your FTP server, provided you're using one that supports such a feature. I use VSFTP and I can configure it so that users can't get out of their home directory. You'll probably have to check into what FTP server Fedora uses by default, and if it isn't VSFTP, I would suggest changing.
Quote:
Also, I use PuTTY and tend to log in each user through their own individual session, I'm not sure how to "manage" different logins from one session. I.e. login as root and then switch to user1 and back again to root and so on..
First off, please tell me that you don't allow root login via SSH. Not a good idea. Second, you can probably do what you want one of two ways. First would be to use the su command to change to the user you want to be. When you're done, you just exit and you're back to the user you logged in as. The other way to handle this would be with the screen command. By using screen you can set up as many virtual terminals as you like from a single SSH session. The nice bit is that if you disconnect from a screen session, it continues running and you can reconnect to it the next time you log in. Sort of like VNC for the command line.
I am new to Linux to a point, I'm no idiot though..lol I do realise there are certain aspects I'm not aware of which is why I have signed up here. However as it's a fresh vanilla install of Linux, I haven't made any major changes other than above because I want to be sure I'm doing things right. If you can tell me how I would restrict ssh access from root it would be appreciated.
I've checked in webmin and the ftp app that comes with FC8 and is active on boot and running appears to be "VSFTPD"...
I know I didn't state this in my first post, but I'm doing all this via a non gui install, just so you are aware.. I'm running it as a server mainly for a couple of gameservers I want to run on it for my lan events and a bit of website work to test.. nothing major.. so it's not on the net or anything...
Fantasio has the right answer for SSH, but also be sure to set it to Protocol 2, not Protocol 1,2 and you also may want to limit users with the AllowUsers directive. The users listed after AllowUsers are the only users allowed in via SSH.
As for vsftpd, the file you want to look at is /etc/vsftpd.conf and the directive you want is chroot_local_users=YES. That will keep local users in their home directories. The file is very well commented but you may want to look at the man page for more options. Be sure to restart xinetd after you make the changes (assuming you're running ftp through xinetd and not as a standalone).
Both of these files are just text files, so they can easily be edited with any console editor.
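The settings recommended in the replies above, turned into a small audit script; this is an added example, not part of any post in the thread. The sample config contents are constructed, `PermitRootLogin` is the standard sshd_config keyword for the root-login question, and the vsftpd option is spelled `chroot_local_user` in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example. All config contents below are constructed samples.

# sshd_config: "Keyword value"; keyword is case-insensitive, first match wins.
sshd_get() {    # usage: sshd_get FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# vsftpd.conf: "option=value" with no spaces around "=".
vsftpd_get() {  # usage: vsftpd_get FILE OPTION
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per setting that does not match the thread's advice.
# A commented-out line counts as "not set", so shipped defaults are flagged.
audit() {       # usage: audit SSHD_CONFIG VSFTPD_CONF
    [ "$(sshd_get "$1" PermitRootLogin)" = "no" ] ||
        echo "sshd: PermitRootLogin is not explicitly 'no'"
    # Assumption: an OpenSSH old enough to honour Protocol, as on the FC8 box.
    [ "$(sshd_get "$1" Protocol)" = "2" ] ||
        echo "sshd: Protocol is not exactly '2'"
    [ -n "$(sshd_get "$1" AllowUsers)" ] ||
        echo "sshd: no AllowUsers list"
    [ "$(vsftpd_get "$2" chroot_local_user)" = "YES" ] ||
        echo "vsftpd: chroot_local_user is not YES"
    return 0
}

# Write constructed weak and hardened sample configs into DIR.
make_samples() {  # usage: make_samples DIR
    printf '%s\n' '#PermitRootLogin yes' 'Protocol 2,1' > "$1/sshd_weak"
    printf '%s\n' 'Protocol 2' 'PermitRootLogin no' 'AllowUsers user1 user2' > "$1/sshd_ok"
    printf '%s\n' 'anonymous_enable=NO' '#chroot_local_user=YES' > "$1/vsftpd_weak"
    printf '%s\n' 'anonymous_enable=NO' 'chroot_local_user=YES' > "$1/vsftpd_ok"
}

dir=$(mktemp -d)
make_samples "$dir"
echo "== weak ==";     audit "$dir/sshd_weak" "$dir/vsftpd_weak"
echo "== hardened =="; audit "$dir/sshd_ok" "$dir/vsftpd_ok"
```

On a real host, call `audit` with the paths of the live sshd_config and vsftpd.conf; an empty result means all four settings are in place.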