Old 10-09-2004, 01:36 AM   #1
Registered: Sep 2004
Location: India
Distribution: Solaris 9, FreeBSD 4.10, Slackware, RedHat, Knoppix,
Posts: 84

Rep: Reputation: 16
user jailing ?


I would like to know if there is a way (well, there certainly is) to lock a particular user (or all users) in their home directory. This is exactly what I'm looking for:
There is a centrally located Linux (RedHat 9.0) server to which users log in to their shell accounts. Now what I want to do is to restrict the users to their home directory so that they can't move out of their home directory - in other words chroot $HOME - but that is only possible as r00t. I tried adding a "chroot $HOME" line in /etc/bashrc but that can be executed only as root. So is there a way that whenever someone logs in, he can't move out of his home directory, both for FTP and shell?

Old 10-09-2004, 01:40 AM   #2
Registered: Aug 2003
Location: Dallas,TX
Distribution: Ubuntu Server, Slackware, Red Hat 6.1
Posts: 241

Rep: Reputation: 30
Not sure how to lock them in the shell, but for FTP (if you are using proftpd) just add this towards the top of your proftpd.conf:
DefaultRoot ~
Old 10-09-2004, 03:07 AM   #3
Registered: Oct 2003
Location: Planet Earth
Distribution: Slackware, LFS
Posts: 561

Rep: Reputation: 30
Yes, it can be done, but remember chroot restricts whomever or whatever is inside the jail to just what's in the jail with them. Meaning they cannot access any applications or files not installed inside the jail. For instance, if you simply run "chroot /tmp" as root you will get an error about not being able to find /bin/bash because there is no /bin/bash inside the jail. But if you copy /bin/bash to /tmp/bin/bash and any dependencies it has into the jail as well, it will work. You cannot simply prevent a user from moving about the file system while at the same time allowing the user to use those files. Make sense? Anyway here is a link to a project that sets it up for you.

You could also set up virtual machines, which are completely separate systems all running on and sharing the same hardware. But at the end of the day the simplest thing to do is to not give shell access to those you do not trust, else you are just asking for trouble.

Last edited by DaHammer; 10-09-2004 at 03:13 AM.
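
The copy step described in the post above (the shell plus every library it depends on, placed under the same paths inside the jail), as an added example that is not part of the original post or of the linked project. The function names and the /home/jail path in the comments are assumptions; only the final chroot call needs root.

```shell
#!/bin/sh
# Added example: populate a chroot jail with a program and the shared
# libraries it needs. Function names and jail paths are hypothetical.

# Read `ldd` output on stdin and print the absolute library paths it names.
# Handles "name => /path (addr)" and bare "/path (addr)" lines; skips the
# vdso entry and "not found" lines, which carry no path.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# Copy one file into the jail under the same absolute path it has outside.
# cp -L follows symlinks so the jail gets the real file, not a dangling link.
jail_copy() {   # usage: jail_copy /abs/path /jail/root
    mkdir -p "$2$(dirname "$1")" && cp -L "$1" "$2$1"
}

# Copy a program plus every library ldd reports for it.
# A statically linked program yields no ldd paths and is copied alone.
jail_add() {    # usage: jail_add /bin/bash /home/jail
    jail_copy "$1" "$2" || return 1
    ldd "$1" 2>/dev/null | ldd_paths | while read -r lib; do
        jail_copy "$lib" "$2" || exit 1
    done
}

# Print the libraries the program needs that are absent from the jail.
# Empty output means the loader can resolve everything inside the jail.
jail_missing() { # usage: jail_missing /bin/bash /home/jail
    ldd "$1" 2>/dev/null | ldd_paths | while read -r lib; do
        [ -e "$2$lib" ] || echo "$lib"
    done
}

# Typical sequence (the chroot itself must be run as root):
#   jail_add /bin/bash /home/jail
#   jail_missing /bin/bash /home/jail    # expect no output
#   chroot /home/jail /bin/bash
```

Each further command the jailed user should have (ls, cat and so on) needs its own `jail_add` call, which is the per-user setup cost discussed in this thread.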
Old 10-09-2004, 03:20 AM   #4
Registered: Sep 2004
Location: India
Distribution: Solaris 9, FreeBSD 4.10, Slackware, RedHat, Knoppix,
Posts: 84

Original Poster
Rep: Reputation: 16
Thanks for the help guys,

Setting up a chroot "jail" is one of the most time-consuming things in Linux... Is this the only way I can restrict shell commands (pfffft)? Well then, for each and every user I'll have to spend a huge amount of time (maybe I'll write a script?).

Is there any other way to do it? Is this how all the website providers and free shell providers achieve it?

