Locking user into /home/user
So I've got a Slackware 10.2 box up and running with a webserver. I put the webpage files in /home/www, created a user "webadmin" in the group "webmasters", set /home/www as his home (and chown'd it webadmin:webmasters) and set /home/www to 775. What I want to do now is lock "webadmin" into /home/www (and below) so that the user can do what it wants with the webpage but can't do jack else. What's the best way to go about doing that, or something similar?
You can simply change the permission of every directory other than "/home" and "/home/www" so that they won't have permissions to do anything or go anywhere.
It's not that hard at all. All you have to do is make sure that all the execute permissions of every directory for "world" are disallowed and also make sure that the user is not in any groups.
To remove the execute permission for "world" from every directory you'd just type (as root) chmod o-x `find / -type d`. Then it's a simple matter to change the permissions for "/home" and "/home/www" (and all subdirectories) back to what they were. Mind you, regardless of whether you do the above or not, a regular user cannot affect anything outside their home directory anyway. They can see all (or most) of the other files but can't do anything with them. So the above step may be unnecessary unless you're concerned about letting your users know anything about the rest of the system.
If you change the permissions of every directory of your system, your system will become unusable for the users. There are files which are and should remain world executable: ls, cat, login etc. You should find another approach. Maybe SELinux or grsecurity or something like this...
Later :D :D :D :D
The way I always configure this is to add a user, edit /etc/passwd and change the user's shell to /bin/deny.
Install vsftpd; there is an option to chroot the users so they can't escape from their home directories. Now the user can only change files by logging in with ftp and they can't get out of their home directory.
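An added example, not written by anyone in this thread: a small audit of the setup described in the post above, checking that vsftpd would jail the account in its home directory and that its passwd shell is a no-login one. The file contents are constructed; `chroot_local_user` and `chroot_list_enable` are vsftpd.conf options, and the shell list in `no_shell_login` is an assumption that includes the post's /bin/deny.

```shell
#!/bin/sh
# Paths are arguments so the checks can run against copies of the real files.

# conf_get FILE KEY DEFAULT: value of KEY in a vsftpd.conf-style file.
# Assumes plain KEY=VALUE lines and that the last occurrence wins.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# ftp_chrooted USER CONF LIST: 0 if vsftpd would chroot USER at login.
ftp_chrooted() {
    all=$(conf_get "$2" chroot_local_user NO)
    use_list=$(conf_get "$2" chroot_list_enable NO)
    listed=no
    if [ "$use_list" = YES ] && grep -qxF -- "$1" "$3" 2>/dev/null; then listed=yes; fi
    if [ "$all" = YES ]; then
        # With chroot_local_user=YES the list names users who are NOT jailed.
        [ "$listed" = no ]
    else
        [ "$listed" = yes ]
    fi
}

# no_shell_login USER PASSWD: 0 if USER's shell is a known no-login program.
# An empty shell field means /bin/sh, so it counts as a login shell.
no_shell_login() {
    shell=$(awk -F: -v u="$1" '$1 == u { print $7 }' "$2")
    case "$shell" in
        /bin/false|/sbin/nologin|/usr/sbin/nologin|/bin/deny) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data (not taken from a real system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'local_enable=YES' 'write_enable=YES' 'chroot_local_user=YES' \
    'chroot_list_enable=YES' > "$demo/vsftpd.conf"
printf '%s\n' 'root' > "$demo/chroot_list"      # exempt from the jail here
printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
    'webadmin:x:1000:100::/home/www:/bin/deny' > "$demo/passwd"

for u in webadmin root; do
    ftp_chrooted "$u" "$demo/vsftpd.conf" "$demo/chroot_list" && j='jailed' || j='NOT jailed'
    no_shell_login "$u" "$demo/passwd" && s='no shell login' || s='shell login possible'
    echo "$u: FTP $j, $s"
done
```

On a real box the arguments would be /etc/vsftpd.conf (or wherever the build reads it), the file named by `chroot_list_file`, and /etc/passwd.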
That sounds like a perfect plan with the 'you can only login via this chrooted ftp'. Thanks!
Also check out the 'scponly' shell.
http://gentoo-wiki.com/HOWTO_chroot_login
And google around for "chroot a user into home directory" and phrases like that.