LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-29-2012, 07:41 PM   #1
Jeroen52
LQ Newbie
 
Registered: Apr 2012
Location: the Netherlands
Distribution: CentOS 6.5 (Final)
Posts: 13

Rep: Reputation: 0
Exclamation How to limit user access to their Home but still be able to run commands on CentOS


Well, I am running a server and I want to allow more people on it, but security is my number one priority, I have already (almost) made root folders 100% for root only and I also want all other parts to have that.
I have tried that, but it gives a lot errors and also on httpd.
I have tried multiple combinations but they all fail.
Is there any way how?
 
Old 04-30-2012, 12:06 AM   #2
blue_print
Member
 
Registered: May 2010
Location: In world
Distribution: RHEL, CentOS, Ubuntu
Posts: 275
Blog Entries: 3

Rep: Reputation: 50
What exactly you tried to set the permission for other users? It would be good if you give more information what you have to achieve.
 
Old 04-30-2012, 04:28 AM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780
Quote:
I have already (almost) made root folders 100% for root only and I also want all other parts to have that ... but it gives a lot errors and also on httpd
I get the feeling that you are attempting to implement security based upon a sophmoric understanding of Linux permissions. Many of the root owned files and folders are meant to be accessed by others and changing them to root only will break things.

Please answer blue_print's question so that we can help you create a proper solution for your goals.
 
Old 04-30-2012, 10:35 AM   #4
Jeroen52
LQ Newbie
 
Registered: Apr 2012
Location: the Netherlands
Distribution: CentOS 6.5 (Final)
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by blue_print View Post
What exactly you tried to set the permission for other users? It would be good if you give more information what you have to achieve.
What I am trying to achieve is that I can give people access to my server with their own private accounts without worrying that they are reading Database Passwords or weaknesses from configurations.


Quote:
Originally Posted by Noway2 View Post
I get the feeling that you are attempting to implement security based upon a sophmoric understanding of Linux permissions. Many of the root owned files and folders are meant to be accessed by others and changing them to root only will break things.

Please answer blue_print's question so that we can help you create a proper solution for your goals.
I know that many root owned files and folders are meant to be accessed by others but I meant the /root folder.
I run scripts there as root and other users do not need access there, I have given it all 700 access so only the root user can access it.
So how to allow all users to execute all files but not allow them to read .conf files and config.php files and all sorta files like those.
 
Old 04-30-2012, 10:43 AM   #5
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,717

Rep: Reputation: 1118Reputation: 1118Reputation: 1118Reputation: 1118Reputation: 1118Reputation: 1118Reputation: 1118Reputation: 1118Reputation: 1118
The solution

What you REALLY want is to have your account and the root account normal, and have all other USER accounts in chroot mode.

How you implement that depends upon how users access this machine.
OpenSSH has, in recent versions, a configuration that allows you to effectively chroot users using only the power of OpenSSH.
The more general solution is to actually set up a chroot jail, as this is effective even if their access is console or other non-ssh access applications.

How acceptable these solutions are to you may depend upon why users need to access this box in the first place, and what they should be able to do on the box.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to allow access to some commands having root privleges to be run bu non root user suryashikha Linux - Newbie 8 10-31-2009 01:05 PM
Limit a user to their home directory redgore Linux - General 2 08-04-2009 10:45 AM
User access restriction in centOS 5 to run single script only. farhanzahidi Linux - Newbie 1 06-20-2009 11:38 AM
vsftpd - limit user to his/her home directory kaon Linux - Software 0 01-15-2005 12:32 AM
Limit unix commands of a user ID thedragon Linux - Security 3 07-16-2002 08:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration