Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
09-04-2003, 05:46 PM
|
#1
|
LQ Newbie
Registered: Jun 2003
Posts: 9
Rep:
|
limiting the user
Hi, everyone..
I want to add a user who can only access his home directory but nowhere else. (running redhat 8.0)
I read alot about it and as much I read, I confused more...
Please help.
Here is what I did:
I added a new user (test)
/etc/passwd
test:x:506:506::/var/www/./test/:/bin/bash
then edit /etc/security/chroot.conf as below
# /etc/security/chroot.conf
# format:
# username_regex chroot_dir
#matthew /home
test /var/www/test
But, when I login (telnet or ssh) with this account, I can still access other directories..
Do I need to add any "pam_chroot.so" somewhere?
What am I doing wrong?
There will be more than 50 users like that in this system. Is this the best way?
Thanks for your help in advance.
|
|
|
09-04-2003, 05:54 PM
|
#2
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
I'm not sure about editing the file by hand but have you tried to run the command to chroot them to a directory?
man chroot for more details.
|
|
|
09-04-2003, 06:07 PM
|
#3
|
LQ Newbie
Registered: Jun 2003
Posts: 9
Original Poster
Rep:
|
Thanks for reply..
Yes, I did read the manual, but as I said I am more confused after all of that.
There must be a very basic solution for that
So, is it enough to run chroot command itself? How do I say that I just want to use it for a specific user?
What I understood is chroot command is for only running a command from a certain directory?
I got lost in that.. help!..
Thanks in advance..
|
|
|
09-04-2003, 06:29 PM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,417
|
Did you add a "session required /lib/security/pam_chroot.so" line to /etc/pam.d/login? And AFAIK it isn't necessary to specify a ftp-style chroot home in passwd like the /dir/dir./dir you added.
Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot. The 1st sticky thread in the Linux - Security forum has some docs on chrooting, it's the 4th post, titled "Chroot, chrooting, jailing, comparimization".
|
|
|
09-04-2003, 07:06 PM
|
#5
|
LQ Newbie
Registered: Jun 2003
Posts: 9
Original Poster
Rep:
|
Thanks alot for your reply.. I search on the forum alot but I think I could see that one.
As you said, I add "session required /lib/security/pam_chroot.so" to /etc/pam.d/login.
But, in the documents I couldn't see anything what to do about :
"Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot"
Can you give me some more clue please?
As a newbie, it is really difficult to figure out it for me.. Probably I can not see it becuse I couldn't get the logic of it yet..
Thanks alot in advance..
|
|
|
09-05-2003, 12:23 AM
|
#6
|
Member
Registered: Feb 2002
Location: India
Distribution: Slacky 12.1, XP
Posts: 992
Rep:
|
AFAIK a normal user can only access his homw directory bt default
|
|
|
09-05-2003, 01:27 AM
|
#7
|
Senior Member
Registered: May 2003
Location: Malaysia
Distribution: Slackware, LFS, CentOS
Posts: 1,307
Rep:
|
Quote:
Originally posted by jayakrishnan
AFAIK a normal user can only access his homw directory bt default
|
She wants the user to only be able to access his/her own directory. In a typical *nix system users can only write to their own homedir (and /tmp if given permission), but can still view most dirs like /bin /opt and so on... This is what she wants to avoid.
And the sanest way to do this is by chrooting the user to his/her own homedir. Therefore, when they do cd / it will actually take them to their homedir.
|
|
|
09-05-2003, 07:24 PM
|
#8
|
LQ Newbie
Registered: Jun 2003
Posts: 9
Original Poster
Rep:
|
Ok, I am trying jail sw for chrooting now. I installed jail_1.9
I followed the document exactly.. Like this:
1) Create the user
/etc/passwd
test2:x:507:507::/var/chroot/:/usr/local/bin/jail
2) install the sw
3) create the chroot
/usr/local/bin/mkjailenv /var/chroot
adding sw on it
/usr/local/bin/addjailsw /var/chroot
adding users to chroot
/usr/local/bin/addjailuser /var/chroot /home/test2 /bin/bash test2
here is my user:
/var/chroot/etc/passwd
test2:x:507:507::/home/test2:/bin/sh
Thats all.. it is working.. But..
When I login with test2 user, I can change directory to /var/chroot (as my root directory) and I can see other user's directories and all directories under /var/chroot.
I don't want anyuser to see any other directory but his own home directory.
Can you please help?
What am I doing wrong?
Thanks..
|
|
|
All times are GMT -5. The time now is 09:44 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|