LinuxQuestions.org


Jeroen52 04-29-2012 07:41 PM

How to limit user access to their Home but still be able to run commands on CentOS
 
Well, I am running a server and I want to allow more people on it, but security is my number one priority. I have already (almost) made root folders 100% for root only and I also want all other parts to have that.
I have tried that, but it gives a lot of errors and also on httpd.
I have tried multiple combinations but they all fail.
Is there any way to do this?

blue_print 04-30-2012 12:06 AM

What exactly did you try to set the permissions for other users? It would be good if you give more information about what you have to achieve.

Noway2 04-30-2012 04:28 AM

Quote:

I have already (almost) made root folders 100% for root only and I also want all other parts to have that ... but it gives a lot of errors and also on httpd

I get the feeling that you are attempting to implement security based upon a sophomoric understanding of Linux permissions. Many of the root owned files and folders are meant to be accessed by others and changing them to root only will break things.

Please answer blue_print's question so that we can help you create a proper solution for your goals.

Jeroen52 04-30-2012 10:35 AM

Quote:

Originally Posted by blue_print (Post 4666418)
What exactly did you try to set the permissions for other users? It would be good if you give more information about what you have to achieve.

What I am trying to achieve is that I can give people access to my server with their own private accounts without worrying that they are reading Database Passwords or weaknesses from configurations.


Quote:

Originally Posted by Noway2 (Post 4666554)
I get the feeling that you are attempting to implement security based upon a sophomoric understanding of Linux permissions. Many of the root owned files and folders are meant to be accessed by others and changing them to root only will break things.

Please answer blue_print's question so that we can help you create a proper solution for your goals.

I know that many root owned files and folders are meant to be accessed by others, but I meant the /root folder.
I run scripts there as root and other users do not need access there. I have given it all 700 access so only the root user can access it.
So how do I allow all users to execute all files but not allow them to read .conf files and config.php files and all sorts of files like those?

wpeckham 04-30-2012 10:43 AM

The solution
 
What you REALLY want is to have your account and the root account normal, and have all other USER accounts in chroot mode.

How you implement that depends upon how users access this machine.
OpenSSH has, in recent versions, a configuration that allows you to effectively chroot users using only the power of OpenSSH.
The more general solution is to actually set up a chroot jail, as this is effective even if their access is console or other non-ssh access applications.

How acceptable these solutions are to you may depend upon why users need to access this box in the first place, and what they should be able to do on the box.
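
The OpenSSH feature mentioned in the post above is the `ChrootDirectory` directive in `sshd_config`. The script below is an added example, not part of the thread: it checks beforehand the ownership rule sshd enforces on the jail path. The group name `jailed` and the path `/srv/jail` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# Assumed sshd_config stanza (group name and path are hypothetical):
#   Match Group jailed
#       ChrootDirectory /srv/jail/%u
# sshd refuses the session unless every component of that path is a
# root-owned directory that is not writable by group or others.
# For users who must run commands, the jail also has to contain a
# shell and the libraries it needs.

# perm_ok UID OCTAL_MODE -> 0 if owner is root and no group/other write bit.
perm_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# chroot_path_ok DIR -> 0 if DIR and every parent up to / pass perm_ok.
# Returns 2 for a relative path, 1 for the first offending component
# (which is reported on stderr). Symlinked components are rejected;
# that is a choice of this example to keep the walk unambiguous.
chroot_path_ok() {
    p=$1
    case $p in
        /*) ;;
        *) echo "not absolute: $p" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ] || [ -L "$p" ]; then
            echo "not a real directory: $p" >&2
            return 1
        fi
        # GNU stat: numeric owner uid and octal mode of this component.
        set -- $(stat -c '%u %a' "$p")
        if ! perm_ok "$1" "$2"; then
            echo "bad owner/mode (uid=$1 mode=$2): $p" >&2
            return 1
        fi
        if [ "$p" = / ]; then
            return 0
        fi
        p=$(dirname "$p")
    done
}

# Stand-alone use: ./check.sh /srv/jail/alice
if [ $# -gt 0 ]; then
    chroot_path_ok "$1"
fi
```
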

