04-15-2008
I downloaded a script from the below link
fuschlberger.net - Howto Setup a chroot-jail for ssh/scp with Linux
Everything went fine except this:
Quote:
cp: cannot stat `/lib/ld-lsb.so.1': No such file or directory
cp: cannot stat `/lib/libxcrypt.so.1': No such file or directory
I am running this script as
Quote:
./make_chroot_jail.sh jdoe /bin/bash /home/jail/./home/jdoe
I am able to log in as user jdoe BUT I am still able to change directories. Am I doing something wrong? Please help!
Thanks.
CHROOT(2) BSD System Calls Manual CHROOT(2)
NAME
chroot -- change root directory
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
chroot(const char *dirname);
DESCRIPTION
The dirname argument is the address of the pathname of a directory, terminated by an ASCII NUL. The chroot() system call causes dirname to
become the root directory, that is, the starting point for path searches of pathnames beginning with '/'.
In order for a directory to become the root directory a process must have execute (search) access for that directory.
It should be noted that chroot() has no effect on the process's current directory.
This call is restricted to the super-user.
Depending on the setting of the 'kern.chroot_allow_open_directories' sysctl variable, open file descriptors which reference directories will
make the chroot() fail as follows:
If 'kern.chroot_allow_open_directories' is set to zero, chroot() will always fail with EPERM if there are any directories open.
If 'kern.chroot_allow_open_directories' is set to one (the default), chroot() will fail with EPERM if there are any directories open and the
process is already subject to the chroot() system call.
Any other value for 'kern.chroot_allow_open_directories' will bypass the check for open directories.
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the
error.
ERRORS
The chroot() system call will fail and the root directory will be unchanged if:
[ENOTDIR] A component of the path name is not a directory.
[EPERM] The effective user ID is not the super-user, or one or more file descriptors are open directories.
[ENAMETOOLONG] A component of a pathname exceeded 255 characters, or an entire path name exceeded 1023 characters.
[ENOENT] The named directory does not exist.
[EACCES] Search permission is denied for any component of the path name.
[ELOOP] Too many symbolic links were encountered in translating the pathname.
[EFAULT] The dirname argument points outside the process's allocated address space.
[EIO] An I/O error occurred while reading from or writing to the file system.
SEE ALSO
chdir(2), jail(2)
HISTORY
The chroot() system call appeared in 4.2BSD. It was marked as "legacy" in Version 2 of the Single UNIX Specification ("SUSv2"), and was
removed in subsequent standards.
BUGS
If the process is able to change its working directory to the target directory, but another access control check fails (such as a check for
open directories, or a MAC check), it is possible that this system call may return an error, with the working directory of the process left
changed.
SECURITY CONSIDERATIONS
The system has many hardcoded paths to files which it may load after the process starts. It is generally recommended to drop privileges
immediately after a successful chroot call, and restrict write access to a limited subtree of the chroot root, for instance, set up the
sandbox so that the sandboxed user will have no write access to any well-known system directories.
BSD
January 3, 2012 BSD