LinuxQuestions.org

badger_fruit 10-24-2012 07:57 AM

"Locking" a user into a specific directory
 
Hi all
I've been asked to secure our OpenSuse server but I have no idea where to start and hope that someone can point me in the right direction (tutorials or examples would be greatly appreciated!).

The current situation is we have three local users: root, user1 and user2

Root and user1 are to be allowed "full access" to the file-system, but user2 can not be allowed outside of their home directory.

I *think* this is called jailing or something but as it's not something I've any experience with I was hoping for some pointers please


Many thanks for reading, I hope that someone can help!!

epislav 10-24-2012 08:04 AM

Look at this article: http://www.techrepublic.com/blog/ope...irectories/229

badger_fruit 10-24-2012 08:10 AM

Quote:

Originally Posted by epislav (Post 4813783)

Wow, thank you for the prompt reply!
It does sound like the thing although typically, it's their shell access we need to restrict as they'll SSH in ... I will give it a whirl and, well, post back my results!

badger_fruit 10-24-2012 08:33 AM

Hmm, unfortunately, following these instructions didn't work; user2 was able to move outside of /chroot/user2 ...
For reference, I have configured the user (via Yast) to have their home directory set to /chroot/user2 and then followed the guide (although I did get one error/warning):

$PROMPT # cp -p /lib/{ld-linux.so.2,libc.so.6,libdl.so.2,libtermcap.so.2} lib/
cp: cannot stat `/lib/libtermcap.so.2': No such file or directory

Am I missing something or is there a different process for OpenSuse 12.1 (as I notice this was a Mandriva-specific guide)?
Thanks again!

epislav 10-24-2012 09:02 AM

Well, the main part is "chroot directory /bin/bash", which will change root to <directory> and run /bin/bash in a jailed environment.
The cp stuff is to get bash and its libraries into the chrooted directory.
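The library-copy step described above, as an added example that is not part of the original thread: instead of the guide's fixed library list (which failed on `libtermcap.so.2`), it asks `ldd` which libraries the binary needs on this system. The function names are hypothetical, and `/chroot/user2` in the usage comment is the path from the thread.

```bash
#!/bin/bash
# Added example (not from the thread): populate a chroot jail with a binary
# and the shared libraries it actually links against, discovered via ldd.

# List absolute paths of the shared objects a binary needs.
# ldd prints "name => /path (addr)" or "/path (addr)"; virtual entries
# such as linux-vdso have no path and are skipped.
jail_deps() {
    { ldd "$1" 2>/dev/null || true; } | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }' | sort -u
}

# Copy one file into the jail at the same path it has on the host.
# -L follows symlinks so the jail gets the real file, -p keeps its mode.
jail_copy() {
    local src="$1" jail="$2"
    mkdir -p "$jail$(dirname "$src")"
    cp -Lp "$src" "$jail$src"
}

# Copy a binary and all of its library dependencies into the jail.
jail_install() {
    local bin="$1" jail="$2" lib
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    jail_copy "$bin" "$jail" || return 1
    jail_deps "$bin" | while read -r lib; do
        jail_copy "$lib" "$jail" || exit 1
    done
}

# Report dependencies that are missing inside the jail (empty = complete).
jail_missing() {
    local bin="$1" jail="$2" lib
    jail_deps "$bin" | while read -r lib; do
        [ -e "$jail$lib" ] || echo "$lib"
    done
}

# Usage (as root; chroot needs root privileges):
#   JAIL=/chroot/user2
#   jail_install /bin/bash "$JAIL" && chroot "$JAIL" /bin/bash
```

Running `jail_missing /bin/bash "$JAIL"` after a system update shows whether the copies in the jail have fallen behind the host's library set.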

badger_fruit 10-24-2012 09:19 AM

Well, after a bit more googling, I found this thread --> http://forums.opensuse.org/archives/...root-suse.html
Which led to this website --> http://www.fuschlberger.net/programs...p-chroot-jail/
Which led to this shell-script --> http://www.fuschlberger.net/programs...chroot_jail.sh
Which, after some modification, led to being able to chroot or jail users successfully :D

jsaravana87 10-25-2012 01:29 AM

Quote:

but user2 can not be allowed outside of their home directory
You can lock (jail) the user to the home directory using the /bin/rbash shell.


http://www.cyberciti.biz/faq/restric...ectories-only/

unSpawn 10-25-2012 03:34 AM

Quote:

Originally Posted by arun5002 (Post 4814378)
You can lock (jail) the user to the home directory using the /bin/rbash shell.

Note 'rbash' drastically reduces functionality and does not stack up to the earlier mentioned chroot jail.


Quote:

Originally Posted by badger_fruit (Post 4813779)
I've been asked to secure our OpenSuse server but I have no idea where to start

Just asking since jail is all that has been addressed here: is that really all you needed to accomplish? I mean there's more to securing a server than confining user accounts.

jsaravana87 10-25-2012 03:46 AM

@unSpawn. Currently I'm using the /bin/rbash shell to lock (or jail) the user to the home directory. Is there any other method available to lock the user to their home directory via ssh?

unSpawn 10-25-2012 04:03 AM

Quote:

Originally Posted by arun5002 (Post 4814455)
@unSpawn (..) any other method available to lock the user to their home directory via ssh.

For questions that do not help solve or address the OP's questions, please create your own thread next time, OK? For modern OpenSSH versions see the "ChrootDirectory" directive.

badger_fruit 10-25-2012 10:35 AM

Quote:

Originally Posted by unSpawn (Post 4814442)
Just asking since jail is all that has been addressed here: is that really all you needed to accomplish? I mean there's more to securing a server than confining user accounts.

Hi
Sorry for the delay in replying; locking users into specific directories is only a part of the whole "secure the server" plan we have :)


All times are GMT -5.