Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
03-02-2006, 08:31 AM
|
#1
|
LQ Newbie
Registered: Apr 2005
Location: BRAZIL !!!
Distribution: Fedora4 :D
Posts: 17
|
Limiting folders and commands for a user
Gentlemen,
I'd like to add a user that will connect to my host by FTP and execute some commands, but I want to limit his activity to a specific folder (he can't even leave that folder) and also limit his commands (he can't create files, delete anything, etc...). Thanks, people.
|
|
|
03-02-2006, 09:31 AM
|
#2
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
|
http://vsftpd.beasts.org/
Configure your user to be in a chroot (he can't move out of a folder) and put proper permissions (only read and list, for example).
|
|
|
03-02-2006, 11:03 AM
|
#3
|
LQ Newbie
Registered: Apr 2005
Location: BRAZIL !!!
Distribution: Fedora4 :D
Posts: 17
Original Poster
|
OK, but what if I wasn't using FTP? How to reduce the commands a normal user can execute? But thanks for the answer above, guess it solves the issue for this special case...
|
|
|
03-02-2006, 12:02 PM
|
#4
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
|
I see several methods:
* Use chrooted ssh.
  http://www.linuxquestions.org/questi...d.php?t=415231
  The user can only execute the commands that you have put in the jail, very restrictive.
* Use PAM to restrict access to resources. I'm not very familiar yet with PAM so you will need help from someone else, sorry.
* Modify permissions on available binaries.
  Chmod o-x on a lot of sensitive files.
Last edited by nx5000; 03-03-2006 at 04:40 AM.
|
|
|
03-02-2006, 01:43 PM
|
#5
|
LQ Newbie
Registered: Apr 2005
Location: BRAZIL !!!
Distribution: Fedora4 :D
Posts: 17
Original Poster
|
I found a jail script in Perl that does all the boring stuff like copying bash into the folder so that it works, and copying dependencies. It's doing what I wanted, but there's still one doubt... If I use chroot, how can I make it so that when the user logs in, the chroot runs and makes his / the folder I want...
|
|
|
03-03-2006, 03:44 AM
|
#6
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
|
Yes, this Perl script should do the job, but I prefer to do it myself. Makejail?
To check if he is really chrooted, run ps and take the pid of his bash. Then go in /proc/<pid> and look at the file root. This file should point to the root of the chroot.
Should display
root->/jail/
|
|
|
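The check described in post #6 (look at /proc/<pid>/root), as an added example that is not part of the thread: a POSIX shell function that applies it to every process owned by one user instead of a single bash pid. The function names, the UID 1001 and the optional third argument (an alternate proc directory, handy for testing) are assumptions; /jail is the path from the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether a user's processes are
# really chrooted by reading the /proc/<pid>/root symlink.
# Assumptions: Linux procfs layout; UID 1001 below is a placeholder.

# proc_root PID [PROCDIR]: print the directory the process sees as "/".
proc_root() {
    readlink "${2:-/proc}/$1/root" 2>/dev/null
}

# proc_uid PID [PROCDIR]: print the real UID from the "Uid:" line of status.
proc_uid() {
    awk '/^Uid:/ { print $2; exit }' "${2:-/proc}/$1/status" 2>/dev/null
}

# audit_user UID JAIL [PROCDIR]
# Prints "<pid> jailed|not-jailed|unknown <root>" for each process owned by UID.
# The match is exact: a root that is not JAIL itself counts as not-jailed.
# Returns 0 only if at least one process was found and all have JAIL as root.
audit_user() {
    uid=$1; jail=${2%/}; procdir=${3:-/proc}
    seen=0; bad=0
    for dir in "$procdir"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        [ "$(proc_uid "$pid" "$procdir")" = "$uid" ] || continue
        seen=1
        if root=$(proc_root "$pid" "$procdir"); then
            if [ "${root%/}" = "$jail" ]; then
                echo "$pid jailed $root"
            else
                echo "$pid not-jailed $root"; bad=1
            fi
        else
            # Process exited, or we lack permission to read the link.
            echo "$pid unknown -"; bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Usage on a live system: audit_user 1001 /jail
```

Run it as root: an unprivileged user cannot read the root link of another user's processes, so those would be reported as unknown.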
All times are GMT -5.