Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
is it possible to make that user can not move from his own home directory?
thank you in advance!
Maybe, but you provide no details.
What KIND of user? (console? SSH? Telnet? FTP?). What version/distro of Linux? What you're talking about is "chroot", and can be done for SSH and FTP users. You can probably script something to make sure the user can't change directories above their own home dir, too, depending on what you're talking about.
You modify a shell profile for the user with an alias for cd command that will block/substitute his attempts to move elsewhere. Make the profile file writable to root only, so the user could not overwrite it, yes, don't forget exporting it.
I hope it helps. See "Learn Linux for a Beginner" DVDs by unixacademy.com for questions like that.
Yes...because with those permissions, no one except root could get to the /etc directory, to read default profile information, password/shadow files, etc. They'd also be unable to start a shell, since they're in /bin/bash, which would be excluded from the path by those permissions, not to mention all the applications you'd break by doing that recursively from root.
Quote:
Originally Posted by myposts
You modify a shell profile for the user with an alias for cd command that will block/substitute his attempts to move elsewhere.
..except that the user will then be unable to change directories WITHIN his own home directory.
Quote:
Originally Posted by booyeeka
it's for ssh user.
so, let's call it regular-no-root user, that belongs to some custom group...
You STILL say nothing about version/distro of Linux. Read my first post again, about SSH supporting chroot'ed users. It effectively making their own home directories look like the "/" directory. Since they're already effectively at top-level, they obviously can't go up, or anywhere else, if they're chroot'ed. Since you don't give any details about version/distro of Linux, go to Google and look up "linux chroot ssh" for your version. Follow the instructions.
You do realize you'll need to put copies of all the required binaries and libraries into the chroot'ed environment, right? Nine times out of ten when I see someone doing this they're going on a roundabout way to solve some particular problem. What exactly are you trying to accomplish by limiting a user to his home directory? On a well-secured system it's generally not a problem to let the user traverse the file system unless you have some very special requirements.
In any case look into chrooting ssh ... if you Google there are a number of guides on how to do it. You can also put bash into restricted mode which will let the user access needed binaries and libraries, but won't let them change directories at all IIRC so they're stuck in their home directory. Depending on your exact requirements, this may be good enough.
it's fedora distro. but i don't know why it's distro-related...
First, it's common courtesy to supply details when asking a question.
Second, as said before, the instructions/packages for setting up chroot'ed SSH vary by distro. So what works on Ubuntu, won't necessarily work on Fedora, that's why.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.