Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 05-09-2005, 11:59 AM   #1
LQ Newbie
Registered: Feb 2005
Posts: 23

Rep: Reputation: 15
securing users to certain directories ?

Hi All,

I run a server http, ssh, etc,

Now I have never needed to share my server, but recently a few friends of mine want to host some pictures from my server, no problem as i already run a website from home,

I created a user ie, james, I then created a symlink from his home directory to /var/www/html/james

great, tested it all out allworks, but the user has access to the whole server via ssh, how can I only allow him to use, his home dir, and the sym link i created in there to var/www/html/james

would love to know how to restrict him,

cheers all
Old 05-09-2005, 02:07 PM   #2
Registered: Aug 2002
Location: St Louis, MO
Distribution: Xubuntu, RHEL, Solaris 10
Posts: 929

Rep: Reputation: 30
Unfortunately, jailing users over ssh isn't nearly as simple as it ought to be.
There's lots of information on the subject, though -

and so on...

The reason it's all so tricky is that jailing a user to a certain directory tree involves 'chroot'ing' them - physically changing what their session views as the "root" of the system's directory structure. This means that done improperly, they can type "cd /" and they'll actually get to /var/www/html (or whatever you've got it set up to be). They won't be able to see any other parts of your directory structure... which include /bin/, /usr/bin, /dev, /home, etc - and without those, most commands won't work at all. Take a look at just what would be off-limits were they not allowed access to /bin, and you'll see what I mean.
So chroot'ing involves rerouting a lot of that stuff into whatever directory you want the user jailed into, so they can have a more or less usable system.

Old 05-09-2005, 10:04 PM   #3
Senior Member
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Something else to check is what he can actually DO with the rest of the server. Chances are good he can read everything, but that in and of itself isn't a problem. He most likely can't write most of the other places.Just make sure you lock him down if you give him sudo ability. Check out man sudo (if you are aven going to allow him sudo access), and restrict his ability to not do anything other than restart httpd and anything along those lines that he may need.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
securing /home directories danimalz Debian 21 11-30-2005 03:30 AM
new directories for new users kvtournh Mandriva 1 09-07-2005 10:07 AM
Securing individual directories (SSL) Trent Hatred Linux - Software 1 10-07-2004 10:50 PM
Skeleton directories for new users? jungatheart Linux - Newbie 2 04-24-2004 03:44 PM
Enter other users' directories MasterC Linux - General 14 11-27-2002 12:57 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:27 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration