well do this mount -o remount / and then

setfacl -m user:<some user name>:r-- /

Does it still say operation not permitted?

I believe that's what you wanted.

OP - if all you want to do is give that user a different set of binaries, have you considered setting PATH=/media/usb/bin:$PATH? You could enforce that by adding a UID check and putting it in /etc/profile or similar, and you could use permissions or acls to prevent other users from seeing/running the directories where those new binaries were stored.

Yep, unfortunately, I still get

setfacl: /: Operation not supported

Dang!

are you doing it from root account or normal user? and do what karamarisan said there should be a comma there.

It looks like you want to chroot the users, or at least user2. You might want search on Google for chroot howto's. Having user2's system inside user1's home directory isn't a good idea. Especially as you want the the chroot environment there as well. You have to enable read and execute rights for the parent directories, which allows user2 access to user1's files. User1 on the other hand can unlink user2's directories, since user1 has write access to /home/user1/ and deleting files and directories is an operation on the parent directory. Also pendrives don't make the best device for an operating system.

Maybe you could explain why you need to do this. That might help us suggest a better solution.

@kdelover
I'm using sudo..and still getting the same msg! arrrgh!! (eating my fist)

@karamarisan
Thats a good idea. However, excuse my naiveness, but what you are saying is to add the place where binaries are on the USB disk to the user's path, right?

basically will using PATH=/media/usb/bin:$PATH? force an ls binary to run from /media/usb/bin/ rather than /bin/? for that user.

@jschiwal

I will look up chroot

acl should work as far as i know,my bad i cant test it now

@kdelover

are you kidding me! you've been awesomely helpful! no worries.

If the files you want alternates of are just binaries, then PATH modification is probably your best bet. Note that this is purely a convenience thing. With PATH=/media/usb/bin:..., if there is an ls in /media/usb/bin, that ls will be run instead of the system one, but user2 will still be able to run the system ls with /bin/ls if he wants to. Also note that is important that no more than root and possibly user2 be able to write to /media/usb/bin or any other directory you add this way, as you could otherwise be opening a serious local security hole.

chroot is overkill if all you want are alternate binaries. It would also affect a number of other things, as the root filesystem outside /media/usb would no longer be visible until the chroot was exited.

From what the OP describes, I agree with jschiwal, chroot is a nice all encompassing solution.

@karamarisan

I totally agree with your point, modifying the path so that the binaries in the USB stick run instead of the system is a great soln.

I am intrigued by chroot though I will look more into it.

Thanks again everyone.

I haven't read the whole thread, but, seriously, you are describing what chroot does in the first post.

OP: Take this as a lesson in presenting your problem rather than what you think is a solution. If all you need is alternate binaries for this user, you would have gotten the PATH business a lot sooner and that'd likely be it. You framed it like you need an entire filesystem, and a number of people have given chroot as a way to make that happen (as that's what it does).

Ok i got back home and i tested what you were trying to do and it works for me :|

The Result

And it seems to be working for me,hmmm since i gave ryan --- permissions that is no permission nothing seems to be working

Everyone,
Thanks so much for the helpful pointers and code snippets. I have implemented the PATH solution and am looking at chroot now. I have got it working. I found some excellent tutorials via google about chroot.

One question though, as the root user of my system, if I grant a programmer access into a chroot jail, how can I move him back to the normal /home/user2 filesystem on m computer. I have found articles on "how to get out of chroot jail" and "how to break out of jail" etc.. but they don't seem to be quite elegant. They all use the fact that the root user can't be jailed and so the chrooted guy performs actions to elevate himself to root level and hence gets out or maybe follows a hard link..etc..

Can someone please suggest a clean way to allow a chrooted user back into the main filesystem.

Situation: User2 logs into my computer and is hived off to a chrooted environment, he does some stuff, and then I as the root user decide it is time to move user2 onto the main file system.

One possible way, I thought of, based on this thread is to possibly go and put links in the chrooted environment for user2 pointing to the /home/user2 on the main filesystem. But chroot won't allow user2 to follow those soft links (as it should). Also it seems hard links can't be made to directories.

Can anyone give me some advice about bringing a user back from a chrooted environment to the main filesystem.

Thanks again in advance.

EDIT============

I mean moving user2 into the main file system in a transparent manner if possible. For example: user2 logs in and is thrown into chrooted env, he does some stuff, and then automatically (magically, after 20 seconds or completing some tasks etc..) is now able to browse the main file system, thereby not being restricted by chroot, without having to do any "jailbreaking" explicitly.