LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-19-2002, 09:00 AM   #1
cliffyman
Member
 
Registered: Aug 2001
Location: Buffalo, NY
Distribution: Red Hat
Posts: 83

Rep: Reputation: 15
restricting a user's access to a single directory


Simple question here: how can I restrict a user's access to ONLY their home directory? I don't want them to be able to read any other directories on the server. Obviously right now they can browse just about anywhere on the server without actually doing anything, but I just want them to be able to work with files in their home dir. Can someone let me know how to do this? Thanks!
 
Old 08-19-2002, 12:32 PM   #2
turnip
Member
 
Registered: Jul 2002
Posts: 143

Rep: Reputation: 15
cd into the users dir and chown the .. to root and chmod it so world cant execute it and he should be locked in

edit..

never mind, cannot login if you do that=p oh well. you can start chrooting processes the users are using to log in, that will lock them in a directory for sure

Last edited by turnip; 08-19-2002 at 01:36 PM.
 
Old 08-19-2002, 07:18 PM   #3
Malicious
Member
 
Registered: Jan 2002
Location: Galveston Island
Distribution: suse, redhat
Posts: 208

Rep: Reputation: 30
man bash

Check out the -r execution option. This restricts the user to polite activities (no cd, no changing shells, etc.). Use rbash (which is the same as "bash -r") as the users login shell. Don't forget to add rbash to /etc/shells.
 
Old 08-22-2002, 12:22 PM   #4
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
Restricted shells can be a deterrent, but note that scripts and programs can easily circumvent the shell restriction. Your best bet is to create a chroot'ed environment with local statically-linked binaries in the user's home dir.

I guess the larger question is why you would want this person on the machine, if they can't be trusted to play nicely Turn on accounting if you're paranoid.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Not able to go to other user's home directory biswajit_dey Linux - Software 6 07-21-2005 08:14 AM
Changing user's home directory? HOW barton Debian 10 04-04-2005 02:27 AM
Restricting directory access with vsftpd BobM Linux - General 1 03-30-2004 10:19 AM
restricting directory access with vsftpd BobM Linux - Networking 0 03-30-2004 08:07 AM
how to change a user's Home directory n1wil Linux - General 8 08-24-2002 03:22 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration