"Locking" a user into a specific directory
Hi all
I've been asked to secure our OpenSuse server but I have no idea where to start and hope that someone can point me in the right direction (tutorials or examples would be greatly appreciated!). The current situation is we have three local users: root, user1 and user2. Root and user1 are to be allowed "full access" to the file-system, but user2 cannot be allowed outside of their home directory. I *think* this is called jailing or something, but as it's not something I've any experience with, I was hoping for some pointers please. Many thanks for reading, I hope that someone can help!! |
Look at this article: http://www.techrepublic.com/blog/ope...irectories/229
|
Quote:
It does sound like the thing although typically, it's their shell access we need to restrict as they'll SSH in ... I will give it a whirl and, well, post back my results! |
Hmm, unfortunately, following these instructions didn't work; user2 was able to move outside of /chroot/user2 ...
For reference, I have configured the user (via Yast) to have their home directory set to /chroot/user2 and then followed the guide, although I did get one error/warning:
$PROMPT # cp -p /lib/{ld-linux.so.2,libc.so.6,libdl.so.2,libtermcap.so.2} lib/
cp: cannot stat `/lib/libtermcap.so.2': No such file or directory
Am I missing something or is there a different process for OpenSuse12.1 (as I notice this was a Mandriva specific guide)? Thanks again! |
Well, the main part is "chroot directory /bin/bash", which will change root to <directory> and run /bin/bash in the jailed environment.
The cp stuff is to get bash and its libraries into the chrooted directory. |
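An added example, not part of any post in this thread: the hard-coded library list in the guide's cp command fails when a distribution ships different libraries (the libtermcap.so.2 error above), so this sketch asks ldd which libraries the binary links against on the local system and copies exactly those. The function names ldd_paths and populate_jail are hypothetical, and it assumes library paths contain no whitespace.

```shell
#!/bin/sh
# Added example: fill a chroot jail with a binary plus the shared
# libraries it links against on this system, instead of a fixed list.
# Assumption: paths contain no whitespace.

# Read `ldd` output on stdin and print one absolute library path per line.
# Handles "name => /path (0x...)" and "/path (0x...)" lines; skips the
# virtual linux-vdso entry and "not found" entries, which have no file.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# populate_jail JAIL BINARY
# Copy BINARY and its libraries into JAIL, keeping the directory layout,
# so that /bin/bash ends up at JAIL/bin/bash and so on.
populate_jail() {
    jail=$1
    bin=$2
    [ -d "$jail" ] || { echo "no such jail directory: $jail" >&2; return 1; }
    case $bin in
        /*) ;;
        *)  echo "binary must be an absolute path: $bin" >&2; return 1 ;;
    esac
    [ -x "$bin" ] || { echo "not an executable: $bin" >&2; return 1; }

    # A static binary makes ldd print no paths; only the binary is copied.
    libs=$(ldd "$bin" | ldd_paths) || return 1

    for f in "$bin" $libs; do
        mkdir -p "$jail$(dirname "$f")" || return 1
        # -L copies the real file when the library name is a symlink
        cp -pL "$f" "$jail$f" || return 1
    done
}
```

With the paths used in this thread that would be `populate_jail /chroot/user2 /bin/bash`, run as root, followed by the `chroot /chroot/user2 /bin/bash` step described above.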
Well, after a bit more googling, I found this thread --> http://forums.opensuse.org/archives/...root-suse.html
Which led to this website --> http://www.fuschlberger.net/programs...p-chroot-jail/
Which led to this shell-script --> http://www.fuschlberger.net/programs...chroot_jail.sh
Which, after some modification, led to being able to chroot or jail users successfully :D |
Quote:
http://www.cyberciti.biz/faq/restric...ectories-only/ |
@unspawn. Currently I'm using the /bin/rbash shell to lock (or) jail the user to the home directory. Is there any other method available to lock the user to their home directory via ssh?
|
Quote:
Sorry for the delay in replying; locking users into specific directories is only a part of the whole "secure the server" plan we have :) |