[SOLVED] How to create a user, who can access only his home directory
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Privileges are assigned to files and directories, and are given in 3 categories: owner, group, and others. By default, any new user is set up as the owner of everything in their ~ (/home/<username>) directory, and--also by default-- users will not be able to see the files of any other user.
System configuration files are normally set up as "read only" for ordinary users, and executable files as read and execute.
Do you have an example of you would need a new user to have privileges different from the defaults?
Privileges are assigned to files and directories, and are given in 3 categories: owner, group, and others. By default, any new user is set up as the owner of everything in their ~ (/home/<username>) directory, and--also by default-- users will not be able to see the files of any other user.
System configuration files are normally set up as "read only" for ordinary users, and executable files as read and execute.
Do you have an example of you would need a new user to have privileges different from the defaults?
normal user can read all the files and folders from command prompt.
normal user can read all the files and folders from command prompt.
No, he can't. He can only "see" (read and execute) files that are necessary to perform essential tasks with his computer. If a user can't read/execute any file outside his home directory, how will he be able to use any command in command line?
Maybe you are looking for a chroot jail?
normal user can read all the files and folders from command prompt.
NO--Except for root, ALL users have permissions based on their username, groups they are assigned to, and "others"
Look --for example--in /etc: Here are two typical permission setups:
-rw-r--r-- 1 root root 5649 Apr 14 13:33 rc_maps.cfg
-rwxr-xr-x 1 root root 684 Jul 3 22:37 rc.multi
As a normal user (not a member of the "root" group) I fall into the "other" category--thus I can read both files, and I can execute one of them.
Then look at the user directories in /home. You will see that only the owner of the files has any privileges at all.
suresh.k - What you're asking for is not possible. The user MUST have access to many of the files outside their home directory, such as /bin/bash, /etc/passwd, etc. Without access to these files, they will not be able to log in or run any commands at all. For example, when you run "mv", you're actually executing a program called mv, which lives in /bin/. If the user doesn't have access to /bin, they can't run mv.
A chroot jail is a way of setting up a new "filesystem" for the user, which contains only the files and directories that the user needs access to. You place this new "filesystem" somewhere on the real filesystem, such as /usr/local/chroot. Inside /usr/local/chroot, you'll have all of the regular bin, etc, home directories. When the user logs in, they are placed in their own home directory in this new "filesystem", and are only able to see the files around them. So what they think is /, or /etc, are actually /usr/local/chroot and /usr/local/chroot/etc.
The restricted shell you are trying to run (rsh) is actually supposed to prevent the user from using cd. But then you have to copy the essential commands and programs that the user is supposed to be able to run into the user home directory. If you don't you'll have a useless user account.
Oh sorry. I read that as 'not being able to cd' is the problem. Use a chroot then. The user will still be able to read any files inside the chroot.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.