LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-07-2003, 01:20 AM   #1
beatlelane
Member
 
Registered: Jun 2003
Location: Manila
Distribution: Bayanihan+RH9+FC1
Posts: 68

Rep: Reputation: 15
Lightbulb Limiting local users to their home directory.


I consider myself a newbie to Linux, have been starting using this OS for just two weeks, I found it interesting, although it was quite hard learning this system, I would say a good alternative to windows anyway.

Maybe this concern was ask for so many times here...but unfortunately i have searched forums including this, and haven't found any solution...sorry for that, i might have enter the wrong keyword…but anyway i hope someone out there could help.

I have noticed that when local users log to the system, if they enter the command “cd ..” they can easily access these directories “ /usr, etc, bin …and others” although its read only I just want these users not even set eyes on its configuration, well of course, nothing else but for security reason.

I have done this in “vsftpd” service using chroot_local_users key…and got an idea if I could set the same with local users, and of course I know it will be applied also for those accessing this system remotely using SSH.

Is it possible?

I hope somebody would give me input on this…thank you very much in advance.

MABUHAY ANG MGA LINUX USERS!
 
Old 09-07-2003, 07:13 AM   #2
phoeniXflame
Member
 
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
this is possible by using rbash then setting the PATH env to whatever dir you want the user chrooted to
 
Old 09-07-2003, 12:04 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,414
Blog Entries: 55

Rep: Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590
There's a basically three generic ways to provide chroot or chroot-like functions: using PAM, using "rbash" (bash -r) like PhoeniXflame offered and using a chroot. Then there's ACL's (Grsecurity/LIDS, not the bestbits.at stuff) which can help restrict processes from accessing data, aid in building stronger chroots and allow you to deny users to access binaries outside the $PATH. Docs about most of these you can find in the 1st sticky thread of this forum.

Apart from OpenSSH's own safety-enhancing features, there is a chroot patch available. If you want to minimize user interaction with the system you can also set up accounts to only use scp or sftp with a shell like rssh or scp-only.
 
Old 09-07-2003, 01:30 PM   #4
phoeniXflame
Member
 
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
but at the end of the day ...... should you REALLY be offering shells to people who you dont trust in the first place
 
Old 09-08-2003, 01:00 AM   #5
beatlelane
Member
 
Registered: Jun 2003
Location: Manila
Distribution: Bayanihan+RH9+FC1
Posts: 68

Original Poster
Rep: Reputation: 15
At least I realize now this concern is possible, although I have to read more info about this based on what you have said people, we’ll get into that later. For now, I have to get something more important features of this system.

Perhaps my system is not really as exposed, am I right?

And thanks anyway for your time phoeniXflame and unspawn! Long live!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Users can only see home directory bluenix Linux - General 20 03-12-2005 09:51 AM
Users home directory. Permissions. jsbush Linux - Newbie 4 10-29-2003 09:13 AM
multi users on the same home directory rpinatel Linux - General 2 09-05-2003 12:55 PM
multi users on the same home directory rpinatel Linux - General 4 09-05-2003 11:22 AM
2 users, 1 mailbox and 1 home directory keevitaja Linux - Newbie 3 08-15-2002 09:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration