Old 06-05-2009, 01:41 PM   #1
Pengoo
LQ Newbie
 
Registered: Jun 2009
Posts: 14

Rep: Reputation: 0
Securing folders


I must say thanx to all who help us noobs, you've helped me a lot in these past days, yet I'll probably be a noob for some time :-p

I've searched the net (always do b4 asking) and I guess it must be a common knowledge thing as it's not very well documented.

If I create say a user named bob, and he logs in via ssh, he can browse around and view directory structures and contents, but can't execute anything or modify anything, correct?

If not, how can I remove all their abilities?

I'm using ssh as a tunnel, so all they need to do is connect, rest is taken care of.

So if all they can do is look around, is there any way to limit them to their directory and root, so can only dir root and see folders for system, but not enter?

Thanx a stack !!!
 
Old 06-05-2009, 02:18 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,076

Rep: Reputation: 4377
Quote:
Originally Posted by Pengoo
I must say thanx to all who help us noobs, you've helped me a lot in these past days, yet I'll probably be a noob for some time :-p

I've searched the net (always do b4 asking) and I guess it must be a common knowledge thing as it's not very well documented.

If I create say a user named bob, and he logs in via ssh, he can browse around and view directory structures and contents, but can't execute anything or modify anything, correct?

If not, how can I remove all their abilities?

I'm using ssh as a tunnel, so all they need to do is connect, rest is taken care of.

So if all they can do is look around, is there any way to limit them to their directory and root, so can only dir root and see folders for system, but not enter?

Thanx a stack !!!

This is a common permissions thing you're asking about. And all of it is documented clearly, but it's hard to put your finger on which piece to look at when you're new...

If you create a user bob, bob will be a member of a group too (let's say "users"). You can be a member of multiple groups, too, but for now, let's stay with one.

If bob creates a file, and you look at it ("ls -l" will show the 'long' listing, showing permissions), you'll see something like this:
Code:
-rwxrw-r-- 1 bob users        31 2009-06-02 15:00 file.txt
The "rwxrw-r--" are the permissions. They stand for (r)ead, (w)rite, e(x)ecute, in groups of three. The first three are for the user (or owner), the second three are for the group, the third is for others (or global). In the case of the file above, the user bob (the file's owner) is allowed to read, write, and execute. Any member of the group "users" is allowed to read and write it, but NOT execute it. Anyone else can just read it. The permissions also have numerical values assigned to them...4 for read, 2 for write, and 1 for execute. So to set the file as above, you can run "chmod 764 file.txt". Want everyone to be able to do everything? That's 777. Read only for everyone? 444....take a look at the chmod and chown command man pages for more on that.

Now the SSH thing...you can also do something called a CHROOT 'jail'. That means that a user that logs in will see their home directory as "/". So naturally, they can't go 'up' a level, since the system says they're already there. They can then only see what's in their home directory. But a 'normal' user can enter the system directories (like /bin, /sbin, etc.), but can't change things there. And the commands that need root privs to run still won't....
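
The two checks the answer above leads to, as an added example that is not part of the original thread: which paths any local user such as bob can write to, and whether a directory meets the ownership rule that OpenSSH's `ChrootDirectory` option enforces on a jail. The function names and the optional owner-uid argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.
# Usage (path is a placeholder): chroot_path_ok /home/bob

# List everything under DIR that the "other" class (any local user, such
# as bob) may write to: mode bit 0002, the "w" of the last rwx triplet.
# Symlinks are skipped because their own mode bits are not enforced.
others_can_write() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Succeed only if DIR is a real directory owned by uid OWNER (default 0,
# i.e. root) and not writable by group (0020) or other (0002). OpenSSH
# applies this rule to a ChrootDirectory, so mode 775 or 777 is refused.
dir_is_safe() {
    [ -n "$(find "$1" -prune -type d -user "${2:-0}" \
        ! -perm -0020 ! -perm -0002 -print 2>/dev/null)" ]
}

# sshd checks every component of the chroot path, not only the last one.
# Walk from DIR up to / and report the first component that fails.
# Returns 0 if all pass, 1 on an unsafe component, 2 for a relative path.
chroot_path_ok() {
    dir=$1
    case $dir in /*) ;; *) return 2 ;; esac
    while :; do
        dir_is_safe "$dir" "${2:-0}" || { echo "unsafe: $dir"; return 1; }
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}
```

The second argument exists so the check can be tried on a scratch directory without root; for a real jail, leave it at the default of uid 0.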
 
Old 06-09-2009, 02:42 PM   #3
Pengoo
LQ Newbie
 
Registered: Jun 2009
Posts: 14

Original Poster
Rep: Reputation: 0
CHROOT Jail was the clincher, tnks TB0ne!!!

http://www.howtoforge.com/chroot_ssh...debian_etch_p2

for all those wanting to secure their systems.
 
  

