LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Reload this Page SSH users
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-18-2004, 03:58 AM   #1
kl0wn
LQ Newbie
 
Registered: Nov 2004
Posts: 1

Rep: Reputation: 0
SSH users

I would like to set permissions on users that I add for my SSH. I would like it so users can only stay in one directory and not leave it but allow them to have write/read access from within their directory. Is this possible? And is there an easy way to do this? Thanks.
 
Old 11-18-2004, 04:12 AM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
hmm..I'm not a permissions pro (yet, at least) and I'm kind of a busy now, but one thing that came to my mind was this:

you create dir for the user, make it's permissions so that the user can reside in it (owner or so), and s/he cannot go "outside" it (a bit like home directories, but more strictly so the user doesn't have permissions to read /usr/bin and so on, either...dunno why you'd like to do this, though, because then s/he wouldn't be able to do anything...that is, if s/he only had read permissions to that one single dir). anyway.

then you would make some files readable/writeable by that user, with a new group or something, whatever you wish. put the files inside a dir that the user has no access to..so he can't straight open the file. then you would create a symlink to that single file, inside the user's dir, so that the user would have permissions to the symlink and to the file through it... (I have no idea if this works, if the user cannot read the directory the actual file is in).

so the user would use the files through symlinks. I have really no idea if this works (so I guess it doesnt hehe), but try it out if you can't figure anything else out.
Last edited by b0uncer; 11-18-2004 at 04:13 AM.
 
Old 11-18-2004, 04:54 AM   #3
jmajor
Member
 
Registered: Nov 2004
Location: Australia
Distribution: Fedora, Ubuntu
Posts: 55
Blog Entries: 2

Rep: Reputation: 17
the usual method for confining a user or process to a directory and it's subdirectories is to use the chroot program to give a false root directory. If you do this and do not provide copies or hardlinks
to binaries such as cp and mv, and some libraries from /usr/lib, the user will not be able to make much use of their read/write access. Note that symlinks will not work from a chroot'd environment as the location referenced cannot be reached.

Also re: bOuncer's post, access through a symlink uses the target file's permissions and not the symlink. I tried that one myself once :-). I haven't tried via a hard link.

Perhaps some more detail of your goal and someone will suggest a good solution for you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Remove SSH users? o3h Linux - Software 2 12-01-2005 09:25 PM
ssh users mrbabis Linux - Software 6 11-25-2005 11:55 AM
how can i add users to ssh omashhour Linux - Networking 6 12-17-2004 03:59 PM
Ssh Users Look At This! DavidPhillips Linux - Security 11 09-16-2002 03:06 PM
ssh users and authorized_keys ifm Linux - Security 3 06-12-2002 09:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:19 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration