Ubuntu

Hi Friends,
I want to create one user on my server in such a way that when he logged in by ssh on server,he can able to access ONLY /var/www/drupal-6.2 this directory. Please tell me how should i do that.

Change his home directory in /etc/passwd to /var/www/drupal-6.2. But it's a weak measure.

If you have bash, you can change his login shell to rbash and he will be extremely limited in what operations he can do. You will need to change his home directory to drupal's, because he won't be able to cd at all in rbash. See RESTRICTED SHELL under man bash for a complete list of what a BASH restricted shell will and won't let him do.

Be sure not to allow him to edit his startup files or put any folders he has write-access to in PATH. (restricted shell will stop him from running ./myscript.sh because of the /, but if he could just dump the script somewhere...)

I set rbash to that user & home dir to /var/www/drupal-6.2 but the problem is i want he can access anything inside drupal. rbash restricts cd command.

You don't have to cd to do things. / in parameters isn't restricted.

Code:

nano path/to/file

mv /path/to/this path/to/that

This won't restrict him from editing things outside of drupal though. You could use user file ownership and permissions to do that.

Come to think of it, the whole "restrict to one directory" thing is a bit of a red herring for any operating system with relative and absolute paths. Any user can cd into /usr/, but can they edit files in there? Probably not. Any user can create files in /tmp/, but do they cd into /tmp/ when they do so? Probably not. cd is just a convenience, file permissions are what control the actual security.

Better to consider file ownership than what directory he's in. You could make him use a limited user where the drupal folder and things in it belong to his user. He could cd other places, but so what? He wouldn't be able to accomplish much by doing so.