specifically - I don't need to restrict a user to a single directory - but I want them to be "ROOTED" to their home directory.

so if my home directory is /home/onlyme

when I login - if I do a pwd - I want to see:
/

but in real life I will be in /home/onlyme - it just appears as root to me.

I don't care if I can make dir's under this... I just don't want users to even SEE what's above their home dir...

i think there used to be a way in sysV unix to do this in the passwd file... but I don't remember how.

chroot is NOT a solution - it confines the user to a jail - but they have full [visual] access to the jail.

FWIW - I'm using debian linux.
TIA

I'm not familiar with the type of obscure trick you're implying.

However, I could give you some advise on how to do something similar. Bash has a mode in which users shall not exit their home dir (RESTRICTED MODE). This mode can be activated by calling bash with another name (rbash -- which is simply a symlink to bash) or doing bash -r . Although this restrictions work fine under normal usage, they are only a barrier to dummy users because any programmer could bypass them all.

Alternatively you could try more reliable methods such as virtualization (f.e. xen).

red-

TX much for your reply...

I am actually familiar with rbash.
The problem with the restricted shell is this - even if the user can't 'cd' out of it - they still can ls /home.

what I'm after here, is to no only protect the data of other users, but their identity as well. I don't want users to know who other users are, or even how many other users there are...

Re: virtualization - I'm not sure how that would help; unless I setup a VM for each user ;-) FWIW: this system is already a VM under vmware-server (free ver.)

TIA for any other ideas/comments

Do you want chroot? The only problem with that is you have to create a link in each /home/username to /usr and maybe /opt, etc. so they can run scripts or apps.

try this for some background on chroot jail-
http://www.unixwiz.net/techtips/chroot-practices.html

@itobenon: If you don't want them to ls /home, just change permissions: chmod 711 /home . About /etc/passwd is harder because many programs rely on reading it's contents (ACL implementation would be advised).

Yes, I was talking about virtualization per user.

Anyway, why not try selinux? RSBAC? grsecurity? I think you're looking for MAC/ACL implementations (they're hard to maintain but provide ultimate security)

I don't understand why chroot is not acceptable. As far as I can tell, it fulfills your requirements.

I too would like to know chroot will not work.