Securing folders
I must say thanx to all who help us noobs, youve helped me alot in these past days, yet ill probably be a noob for some time :-p
Ive searched the net (always do b4 asking) and i guess it must be a common knowledge thing as its not very well documented. If i create say a user named bob, and he logs in via ssh, he can browse around and view directory structures and contents, but cant execute anything or modify anything correct? If not, how can i remove all there abilities? Im using ssh as a tunnel, so all they need to do is connect, rest is taken care of. So if all they can do is look arround, is there any way to limit them to there directory and root, so can only dir root and see folders for system, but not enter? Thanx a stack !!! |
Quote:
If you create a user bob, bob will be a member of a group too (let's say "users"). You can be a member of multiple groups, too, but for now, let's stay with one. If bob creates a file, and you look at it ("ls -l" will show the 'long' listing, showing permissions), you'll see something like this: Code:
-rwxrw-r-- 1 bob users 31 2009-06-02 15:00 file.txt Now the SSH thing...you can also do something called a CHROOT 'jail'. That means that a user that logs in will see their home directory as "/". So naturally, they can't go 'up' a level, since the system says they're already there. They can then only see what's in their home directory. But a 'normal' user can enter the system directories (like /bin, /sbin, etc.), but can't change things there. And the commands that need root privs to run still won't.... |
CHROOT Jail was the clincher, tnks TB0ne!!!
http://www.howtoforge.com/chroot_ssh...debian_etch_p2 for all those wanting to secure there systems. |
All times are GMT -5. The time now is 09:53 PM. |