Hello,
I am setting up a user who should have the below configuration.
Home dir = /home/test
Only allowed to view the below directories
/var/log/tomcat
/usr/local/opus
He must not be able to even read other directories. He should have access to only the above directories.
Sorry, not possible. You can run SSH in a chroot jail, but that limits them to their OWN home directory. You can't have multiple directories specified. The only possibility would be to make symbolic links to those directories, but even then that's not a wise idea, since you'd then have a hard time with permissions for other users (like Apache, tomcat, etc.), being able to access them.
Quote:
Also he should be able to run all commands and be allowed to restart only the apache and tomcat services. He should not be able to restart any other service.
Please help me to set it up.
You can set up sudo to let users run certain commands as root. Restarting services is a root-only thing, and restricting a user to one or two commands is fairly simple. There is much documentation on setting up the sudoers file you can find with a Google search.
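A sudoers drop-in along the lines this reply describes, as an added example that is not part of the original thread. The account name `test`, the unit names `httpd` and `tomcat`, the file name and the use of systemd are assumptions; on a release without systemd the entries would be `/sbin/service httpd restart` and `/sbin/service tomcat restart` instead.

```sudoers
# /etc/sudoers.d/test-webrestart  (hypothetical file name; edit it with visudo -f)
# Assumptions: account "test", CentOS unit names httpd (Apache) and tomcat.

# Full paths and exact arguments, no wildcards: only these two command
# lines match, so no other unit or systemctl subcommand is permitted.
Cmnd_Alias WEB_RESTART = /usr/bin/systemctl restart httpd, \
                         /usr/bin/systemctl restart tomcat

# Run as root only; the user's own password is still required.
test ALL = (root) WEB_RESTART
```

Check the syntax with `visudo -c -f /etc/sudoers.d/test-webrestart` and confirm what the account ends up with using `sudo -l -U test`.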
Hello,
Thanks for the quick reply. I was also thinking that it's not possible; I just wanted to know from experts whether it's possible. Can you provide me a link to easily set up chroot in CentOS?
Your best bet would be to look into using SELinux to define a specific role.
But you have to realize that the types already assigned to the directories/files may require you to also grant access to other files and directories.
Second, partly a nit... If the user can only access /var/log/tomcat and /usr/local/opus, how is the user to use ANY commands, or even have a shell? These have to be accessed through /usr/bin... and depending on what the user is doing, may also require access to /tmp, /var (log files reporting other errors that may be related to failures in tomcat).