Restrict the user access
Hi,
How could I limit the access of users to a directory? For example: I have some Designers and normal users. I would like to grant the Designers access only to the /home directory. That is, when the designers log into their machine, their working directory will be /home/designer. If the designer executes the command # cd /etc, it should not work and should return a "permission denied" message, and if it is cd /home, it should work. They should have access to the server's /home directory. The server will have cPanel on it. So is there anything else we could implement without changing the directory ownership?
Regards,
I think what you're trying to do is drop the designer into a chroot jail, however giving them access to /home may not be ideal as it could allow them to manipulate the environments of other users - can you restrict them to /home/designer instead?
Thanks for the quick reply. Unfortunately, that is not the exact requirement. The exact requirement is that it is a cPanel server, so we cannot change any of the directory permissions. The developer/designer user should be able to have full access to /home (i.e. under the /), but should not be able to view or access any other directories under /.
Ok so you'll need to read up on chroot jails and see if they'll work for you, it may not be trivial depending on your requirements.
If you restrict those users from reading system files and dirs, they will only be able to run executables located in their home folders (if /home isn't mounted with the -noexec option, of course). In Linux, programs are run with exactly the same privileges as the user that started them. So the programs won't be able to read system files and dirs either and would hardly work.
As far as I know, you're only able to prevent users from getting access to other users' data in Linux. Why do you want to hide the root filesystem from a user?
For example, they can 'cd' and ls to /etc and /bin if it is required, but not be able to 'cd' to /dev, /misc, etc., but should be able to access and edit /home. I have created a user called developer and setfacl rwx to the home directory. Now the scenario is that the developer user has full access to /home; the user can also ls and view all the files and directories under /, but cannot perform any other operation on the directories and files other than /home. I think the solution is half achieved, but I need to restrict the view of certain directories under /. Sounds like a crazy idea!!! But it badly needs to be implemented.
Code:
andrew@P8P67-Lin:~$ rm -f /etc/fstab
Stick them in a chroot jail and loopback mount /home into it.
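What the chroot-plus-bind-mount suggestion above could look like, as an added example that is not part of any post in the thread. The jail path /srv/jail, the group name designers and the choice of /bin/sh and /bin/ls as the only tools are assumptions.

```shell
#!/bin/sh
# Added example: stage a chroot jail that exposes only a few tools plus /home.
# /srv/jail, the "designers" group and the tool list are assumptions.

# Copy a binary and every shared library ldd reports for it into the jail,
# keeping the original paths so the dynamic loader still finds them.
copy_with_libs() {
    jail=$1; bin=$2
    mkdir -p "$jail$(dirname "$bin")"
    [ -e "$jail$bin" ] || cp -L "$bin" "$jail$bin"
    # Keep only the absolute paths from ldd's output (skips vdso and "=>").
    ldd "$bin" 2>/dev/null | tr ' \t' '\n\n' | grep '^/' | sort -u |
    while read -r lib; do
        mkdir -p "$jail$(dirname "$lib")"
        [ -e "$jail$lib" ] || cp -L "$lib" "$jail$lib"
    done
}

# Create the skeleton; home/ stays empty because it is only a mount point.
stage_jail() {
    mkdir -p "$1/home"
    for tool in /bin/sh /bin/ls; do
        copy_with_libs "$1" "$tool"
    done
    chmod 755 "$1"
}

# fstab entry that bind-mounts the real /home into the jail at boot.
fstab_line() {
    printf '/home %s/home none bind 0 0\n' "$1"
}

# sshd_config stanza that chroots members of one group on login. sshd
# refuses the jail unless it and its parent directories are root-owned
# and not writable by group or others.
sshd_stanza() {
    printf 'Match Group %s\n    ChrootDirectory %s\n' "$2" "$1"
}

# Typical use, as root:
#   stage_jail /srv/jail
#   fstab_line /srv/jail >> /etc/fstab && mount /srv/jail/home
#   sshd_stanza /srv/jail designers >> /etc/ssh/sshd_config
```

The bind mount keeps /home's existing ownership and ACLs, so the concern raised earlier in the thread about reaching other users' files under /home still applies inside the jail.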