Restricting a user to their home directory and below


 
# 1  
Old 09-29-2011

I found this old closed thread:
I can do these things, but how do I change someone's profile - where do I find the profile? I'm running CentOS 5.6

~~~~~~~~~
providing you have the password shell set to ksh,
you can put this in his .profile:
cd /opt/load
alias -x cd=:
# 2  
Old 09-29-2011
You can find
Code:
.profile

under
Code:
$HOME/.profile

which is the user's home directory. If it doesn't exist, create it by issuing the following command:
Code:
$ touch .profile

# 3  
Old 09-29-2011
so - let me see if I have this correct ok?

if the user name is test

and their home directory is /usr/local/websites/test

I can create a file called test.profile in /usr/local/websites/test

and the commands in the test.profile will be executed once that user logs in?

thanks

---------- Post updated at 03:14 PM ---------- Previous update was at 03:06 PM ----------

Quote:
Originally Posted by jjj0923
so - let me see if I have this correct ok?

if the user name is test

and their home directory is /usr/local/websites/test

I can create a file called test.profile in /usr/local/websites/test

and the commands in the test.profile will be executed once that user logs in?

thanks
hmmm... well I know this doesn't work because I just tried logging in as test
# 4  
Old 09-29-2011
That alias command can be trivially undone with unalias cd, thereby restoring the ability to easily change the working directory. Since you haven't mentioned what you are actually trying to accomplish (only how you're trying to accomplish it), that may or may not be a problem.

Regards,
Alister
# 5  
Old 09-29-2011
I am going to allow a remote user to ssh into one of my servers and have access to the code on one of our websites. I would like to limit that user's access to the directory in which the code for the website is located.

I am simply looking for the easiest way to limit his access to that directory (and its subdirectories) alone.

any help would be truly appreciated.
# 6  
Old 09-29-2011
Install 'rssh' or 'mysecureshell' and just give sftp access, the user can then only upload or download files within the top directory that you assign.
The user can download a file, modify it on his own system then replace it on yours.
# 7  
Old 09-29-2011
It can be tempting to set up a chroot -- the promise of ultimate security and giving them absolutely nothing to work with but their own folder. As usual there's complications -- how about a demonstration of how chroot works.

Code:
$ cp /bin/bash ~/
$ sudo chroot / ~/bash
# It worked!  Useless but just an example.
$ exit
# Now to try a less useless example, restricting to ~/
$ sudo chroot ~/ ~/bash
chroot: failed to run command `/home/user/bash': No such file or directory
$ sudo chroot ~/ /bash
chroot: failed to run command `/bash': No such file or directory
$ sudo chroot ~/ ./bash
chroot: failed to run command `./bash': No such file or directory
$ ldd ./bash
        linux-gate.so.1 =>  (0xb77d8000)
        libncurses.so.5 => /lib/libncurses.so.5 (0xb778d000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7789000)
        libc.so.6 => /lib/libc.so.6 (0xb7644000)
        /lib/ld-linux.so.2 (0xb77d9000)
# Whoops!  It needs libraries!  Let's try an emergency backup shell.
$ cp /bin/busybox ~/bb
$ sudo chroot ~/ /bb
# It worked!  We're stuck in /home/user/.
# Now that we're secure, let's get to work!
$ nano filename.txt
/bb: nano: not found
$ ssh username@host
/bb: ssh: not found
$
# ...oh dear. Those were in /usr/bin.
# At least we have ed:
$ ed filename.txt
"filename.txt", 0 lines, 0 chars

?
help
?
?
?
quit
?
exit
?
bye
?
hello?
?
eat flaming death
?
^C
?
^C
?
^D
?

In short, any shell user needs access to lots of things outside their home -- starting with, well, a shell. If you wanted sftp, that could be chrooted reasonably...

Let's see what mischief they can get up to without a chroot:

Code:
# Can't login without a shell.
$ whereis sh
sh: /bin/sh
# Oh no, they need access to /bin/.  Surely that's a recipe for disaster:
$ echo "TOTALLY NOT A ROOTKIT" > /bin/notarootkit.sh
-bash: /bin/notarootkit.sh: Permission denied
# Curses, foiled again!  But what if we CD there...
$ cd /bin/
$ echo "TOTALLY NOT A ROOTKIT" > notarootkit.sh
-bash: notarootkit.sh: Permission denied
# There seems to be some kind of force field...
$ ls -ld /bin/
drwxr-xr-x 2 root root 4096 Feb  8  2011 /bin/
# ...ah.  Only root can write.  The world is saved.
# But what about other users' folders?
$ cd /home/panic
-bash: cd: /home/panic/: Permission denied
# Friggn...
$ ls -l /home/panic
ls: cannot open directory /home/panic: Permission denied
# Rassafrassin..
$ cat /home/panic/public_html/index.html
cat: /home/panic/public_html/index.html: Permission denied
# $%^*$%^!!  Does it even exist?
$ ls -ld /home/panic/
drwx-----x 3 panic users 4096 Jun 17 13:27 /home/panic
# Yes...

We get asked all the time how to restrict someone to home, but a little thinking about your file and directory ownerships and permissions can go a long way in securing your system.

---------- Post updated at 03:28 PM ---------- Previous update was at 03:27 PM ----------

Quote:
Originally Posted by jgt
Install 'rssh' or 'mysecureshell' and just give sftp access
Ah, but he said ssh.
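
The library problem from the chroot demonstration in post # 7, as an added example that is not part of the original thread: shell functions that read ldd output and work out which files a binary needs inside a jail. The names ldd_paths and populate_jail are hypothetical, and the sample input is the ldd ./bash output quoted in that post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample: the "ldd ./bash" output quoted in post # 7.
sample_ldd() {
    cat <<'EOF'
        linux-gate.so.1 =>  (0xb77d8000)
        libncurses.so.5 => /lib/libncurses.so.5 (0xb778d000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7789000)
        libc.so.6 => /lib/libc.so.6 (0xb7644000)
        /lib/ld-linux.so.2 (0xb77d9000)
EOF
}

# Read ldd output on stdin, print one absolute file path per line.
# Line shapes handled:
#   name => /path (addr)  -> /path
#   /path (addr)          -> /path    (the dynamic loader)
#   name =>  (addr)       -> skipped  (kernel-provided, no file on disk)
#   name => not found     -> skipped  (nothing to copy)
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy a binary plus every library ldd reports into the jail,
# keeping the same absolute paths so the loader finds them after chroot.
# A statically linked binary yields no library paths and is copied alone.
# Assumes paths contain no whitespace.
populate_jail() {
    bin=$1; jail=$2
    for f in "$bin" $(ldd "$bin" 2>/dev/null | ldd_paths); do
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -L "$f" "$jail$f" || return 1
    done
}

# Demo on the constructed sample: prints the four files bash needed.
sample_ldd | ldd_paths
```

Run populate_jail as root against a jail directory the confined user cannot write to. Every further program the user needs (nano and ssh in the post) requires the same treatment, which is the maintenance cost the demonstration illustrates.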
 