UNIX for Dummies Questions & Answers
#1
specifically - I don't need to restrict a user to a single directory - but I want them to be "ROOTED" to their home directory.

so if my home directory is /home/onlyme when I login - if I do a pwd - I want to see: / but in real life I will be in /home/onlyme - it just appears as root to me. I don't care if I can make dir's under this... I just don't want users to even SEE what's above their home dir... I think there used to be a way in sysV unix to do this in the passwd file... but I don't remember how.

chroot is NOT a solution - it confines the user to a jail - but they have full [visual] access to the jail.

FWIW - I'm using debian linux.

TIA
#2
I'm not familiar with the type of obscure trick you're implying.

However, I could give you some advice on how to do something similar. Bash has a mode in which users shall not exit their home dir (RESTRICTED MODE). This mode can be activated by calling bash with another name (rbash -- which is simply a symlink to bash) or doing bash -r. Although these restrictions work fine under normal usage, they are only a barrier to dummy users because any programmer could bypass them all.

Alternatively you could try more reliable methods such as virtualization (e.g. xen).
#3
red-

TX much for your reply... I am actually familiar with rbash. The problem with the restricted shell is this - even if the user can't 'cd' out of it - they still can ls /home. What I'm after here is to not only protect the data of other users, but their identity as well. I don't want users to know who other users are, or even how many other users there are...

Re: virtualization - I'm not sure how that would help; unless I set up a VM for each user ;-)

FWIW: this system is already a VM under vmware-server (free ver.)

TIA for any other ideas/comments
#4
Do you want chroot? The only problem with that is you have to create a link in each /home/username to /usr and maybe /opt, etc. so they can run scripts or apps.

Try this for some background on chroot jail: http://www.unixwiz.net/techtips/chroot-practices.html
#5
@itobenon: If you don't want them to ls /home, just change permissions: chmod 711 /home. About /etc/passwd: that is harder because many programs rely on reading its contents (ACL implementation would be advised).

Yes, I was talking about virtualization per user. Anyway, why not try SELinux? RSBAC? grsecurity? I think you're looking for MAC/ACL implementations (they're hard to maintain but provide ultimate security)
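
An added example, not part of any post in this thread: a read-only audit of the chmod 711 /home suggestion above, showing that hiding the listing of /home still leaves any home directory with "other" execute permission enterable by someone who knows or guesses its name. It assumes GNU stat (as on Debian); the function names are hypothetical, and it should be run as root or as the owner of the base directory so the glob can expand.

```shell
#!/bin/sh
# Added example: report whether "other" users can list or enter directories
# under a home base. Nothing is modified. Assumes GNU stat (stat -c '%a').

# other_bits DIR -> prints the "other" permission digit (0-7) of DIR
other_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    # last character of the octal mode string is the "other" digit
    printf '%s\n' "${mode#"${mode%?}"}"
}

# classify DIR -> listable      (o+r: everyone can read the names inside)
#                 traverse-only (o+x without o+r: the chmod 711 case)
#                 closed        (no o+r and no o+x)
classify() {
    o=$(other_bits "$1") || return 1
    if [ $(( o & 4 )) -ne 0 ]; then
        echo listable
    elif [ $(( o & 1 )) -ne 0 ]; then
        echo traverse-only
    else
        echo closed
    fi
}

# audit_homes BASE -> one line for BASE, then one line per subdirectory
# that is not closed to "other" users. Symlinks are skipped.
audit_homes() {
    base=$1
    state=$(classify "$base") || return 1
    echo "$base: $state"
    for d in "$base"/*/; do
        d=${d%/}
        if [ -L "$d" ] || [ ! -d "$d" ]; then continue; fi
        s=$(classify "$d") || continue
        if [ "$s" != closed ]; then
            echo "$d: $s (reachable by anyone who knows or guesses the name)"
        fi
    done
}

# Stand-alone use: sh audit.sh /home
if [ $# -gt 0 ]; then audit_homes "$1"; fi
```

A base directory reported as traverse-only with every home directory closed (for example mode 700) is the combination that hides both the names and the contents from ls; /etc/passwd remains readable, as the post notes.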
#6
I don't understand why chroot is not acceptable. As far as I can tell, it fulfills your requirements.
#7
I too would like to know chroot will not work.