The UNIX and Linux Forums  

  #1  
Old 08-21-2008
Registered User
 

Join Date: Aug 2008
Posts: 5
how do U restrict a user to a single directory?

specifically - I don't need to restrict a user to a single directory - but I want them to be "ROOTED" to their home directory.

so if my home directory is /home/onlyme

when I login - if I do a pwd - I want to see:
/

but in real life I will be in /home/onlyme - it just appears as root to me.

I don't care if I can make dir's under this... I just don't want users to even SEE what's above their home dir...

I think there used to be a way in sysV unix to do this in the passwd file... but I don't remember how.

chroot is NOT a solution - it confines the user to a jail - but they have full [visual] access to the jail.

FWIW - I'm using debian linux.
TIA
  #2  
Old 08-21-2008
Registered User
 

Join Date: Aug 2008
Location: Portugal
Posts: 213
I'm not familiar with the type of obscure trick you're implying.

However, I could give you some advice on how to do something similar. Bash has a mode in which users shall not exit their home dir (RESTRICTED MODE). This mode can be activated by calling bash with another name (rbash -- which is simply a symlink to bash) or doing bash -r . Although these restrictions work fine under normal usage, they are only a barrier to dummy users because any programmer could bypass them all.

Alternatively you could try more reliable methods such as virtualization (f.e. xen).
  #3  
Old 08-22-2008
Registered User
 

Join Date: Aug 2008
Posts: 5
red-

TX much for your reply...

I am actually familiar with rbash.
The problem with the restricted shell is this - even if the user can't 'cd' out of it - they still can ls /home.

what I'm after here, is to not only protect the data of other users, but their identity as well. I don't want users to know who other users are, or even how many other users there are...

Re: virtualization - I'm not sure how that would help; unless I set up a VM for each user ;-) FWIW: this system is already a VM under vmware-server (free ver.)

TIA for any other ideas/comments
  #4  
Old 08-22-2008
...@...
 

Join Date: Feb 2004
Location: NM
Posts: 4,298
Do you want chroot? The only problem with that is you have to create a link in each /home/username to /usr and maybe /opt, etc. so they can run scripts or apps.

try this for some background on chroot jail-
http://www.unixwiz.net/techtips/chroot-practices.html

Last edited by vgersh99; 08-23-2008 at 01:09 PM. Reason: fixed code tag
  #5  
Old 08-22-2008
Registered User
 

Join Date: Aug 2008
Location: Portugal
Posts: 213
@itobenon: If you don't want them to ls /home, just change permissions: chmod 711 /home . As for /etc/passwd, that is harder because many programs rely on reading its contents (ACL implementation would be advised).

Yes, I was talking about virtualization per user.

Anyway, why not try selinux? RSBAC? grsecurity? I think you're looking for MAC/ACL implementations (they're hard to maintain but provide ultimate security)
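An audit of the directory permissions discussed in the post above (chmod 711 /home), as an added example that is not part of the original thread. It assumes GNU stat as shipped on Debian; the function names audit_home_base and other_bits are hypothetical.

```shell
#!/bin/sh
# Added example: report which permission bits let one user discover or
# enter another user's home directory. Assumes GNU stat (stat -c %a).

# Print the "other" permission digit (0-7) of a path.
other_bits() {
    mode=$(stat -c %a "$1") || return 1
    echo "${mode#"${mode%?}"}"        # last octal digit = bits for "other"
}

# audit_home_base BASE: one line per finding; status 0 when nothing is found.
audit_home_base() {
    base=$1
    findings=0
    o=$(other_bits "$base") || return 2
    # Read bit (4) on the base lets any user list every username in it.
    if [ $((o & 4)) -ne 0 ]; then
        echo "LISTABLE $base (other=$o): any user can enumerate home directories"
        findings=$((findings + 1))
    fi
    # Execute bit (1) must stay set, or users cannot reach their own home.
    if [ $((o & 1)) -eq 0 ]; then
        echo "NO-TRAVERSE $base (other=$o): users cannot reach their own home"
        findings=$((findings + 1))
    fi
    for d in "$base"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue       # unmatched glob stays literal
        [ -L "$d" ] && continue       # a symlink's own mode says nothing
        o=$(other_bits "$d") || continue
        # With 711 on the base a known or guessed name is still reachable,
        # so each home must also deny "other" entirely.
        if [ "$o" -ne 0 ]; then
            echo "OPEN $d (other=$o): readable or enterable once the name is known"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_home_base "$1" || true
fi
```

A clean result covers only directory listing; as the post notes, usernames remain visible through /etc/passwd.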
  #6  
Old 08-23-2008
era
Herder of Useless Cats
 

Join Date: Mar 2008
Location: /there/is/only/bin/sh
Posts: 3,650
I don't understand why chroot is not acceptable. As far as I can tell, it fulfills your requirements.
  #7  
Old 08-24-2008
...@...
 

Join Date: Feb 2004
Location: NM
Posts: 4,298
I too would like to know why chroot will not work.
Tags
chroot, home, jail, rbash, rsh, rssh, sftp
