Hi, everyone..

I want to add a user who can only access his home directory but nowhere else. (running redhat 8.0)

I read alot about it and as much I read, I confused more...

Please help.

Here is what I did:

I added a new user (test)
/etc/passwd
test:x:506:506::/var/www/./test/:/bin/bash

then edit /etc/security/chroot.conf as below
# /etc/security/chroot.conf
# format:
# username_regex chroot_dir
#matthew /home
test /var/www/test

But, when I login (telnet or ssh) with this account, I can still access other directories..

Do I need to add any "pam_chroot.so" somewhere?

What am I doing wrong?

There will be more than 50 users like that in this system. Is this the best way?

Thanks for your help in advance.

I'm not sure about editing the file by hand but have you tried to run the command to chroot them to a directory?

man chroot for more details.

Thanks for reply..

Yes, I did read the manual, but as I said I am more confused after all of that.

There must be a very basic solution for that

So, is it enough to run chroot command itself? How do I say that I just want to use it for a specific user?

What I understood is chroot command is for only running a command from a certain directory?

I got lost in that.. help!..

Thanks in advance..

Did you add a "session required /lib/security/pam_chroot.so" line to /etc/pam.d/login? And AFAIK it isn't necessary to specify a ftp-style chroot home in passwd like the /dir/dir./dir you added.
Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot. The 1st sticky thread in the Linux - Security forum has some docs on chrooting, it's the 4th post, titled "Chroot, chrooting, jailing, comparimization".

Thanks alot for your reply.. I search on the forum alot but I think I could see that one.

As you said, I add "session required /lib/security/pam_chroot.so" to /etc/pam.d/login.

But, in the documents I couldn't see anything what to do about :
"Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot"

Can you give me some more clue please?

As a newbie, it is really difficult to figure out it for me.. Probably I can not see it becuse I couldn't get the logic of it yet..

Thanks alot in advance..

AFAIK a normal user can only access his homw directory bt default

She wants the user to only be able to access his/her own directory. In a typical *nix system users can only write to their own homedir (and /tmp if given permission), but can still view most dirs like /bin /opt and so on... This is what she wants to avoid.

And the sanest way to do this is by chrooting the user to his/her own homedir. Therefore, when they do cd / it will actually take them to their homedir.

Ok, I am trying jail sw for chrooting now. I installed jail_1.9

I followed the document exactly.. Like this:

1) Create the user
/etc/passwd
test2:x:507:507::/var/chroot/:/usr/local/bin/jail

2) install the sw
3) create the chroot
/usr/local/bin/mkjailenv /var/chroot
adding sw on it
/usr/local/bin/addjailsw /var/chroot
adding users to chroot
/usr/local/bin/addjailuser /var/chroot /home/test2 /bin/bash test2
here is my user:
/var/chroot/etc/passwd
test2:x:507:507::/home/test2:/bin/sh

Thats all.. it is working.. But..

When I login with test2 user, I can change directory to /var/chroot (as my root directory) and I can see other user's directories and all directories under /var/chroot.

I don't want anyuser to see any other directory but his own home directory.

Can you please help?
What am I doing wrong?

Thanks..