Ok. Unless you change the "world" permissions on the whole system,
I don't believe that you can do this through permissions.
So.... that's why I think you need a slightly more sophisticated solution.
Try putting this in the user's ~/.profile
Then, you can put all of the valid directories in the
/.approved_dirs file
Make that file read / writable by root only, and
the directory where it resides cannot be writable
by the user. But we're assuming a rather unsophisticated user anyways.
Putting the .approved_dirs file in their HOME directory and making it
owned by root and not writeable by anyone else might be sufficient.
Code:
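# Export the function so that child ksh processes inherit it
typeset -xf _cd
function _cd
{
    # Quote the arguments so directory names containing spaces work;
    # if the cd itself fails, stay where we are
    \cd "$@" || return
    # -F (fixed string) and -x (whole line) keep $PWD from being read as a regex
    if grep -Fx -- "$PWD" /.approved_dirs > /dev/null 2>&1 ; then
        return 0
    fi
    # Not an approved directory: go back to where we came from
    \cd "$OLDPWD"
    return 1
}
alias -x cd=_cd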
logindevperm(4)                File Formats                logindevperm(4)
NAME
logindevperm, fbtab - login-based device permissions
SYNOPSIS
/etc/logindevperm
DESCRIPTION
The /etc/logindevperm file contains information that is used by login(1) and ttymon(1M) to change the owner, group, and permissions of
devices upon logging into or out of a console device. By default, this file contains lines for the keyboard, mouse, audio, and frame buffer
devices.
The owner of the devices listed in /etc/logindevperm is set to the owner of the console by login(1). The group of the devices is set to the
owner's group specified in /etc/passwd. The permissions are set as specified in /etc/logindevperm.
If the console is /dev/vt/active, the owner of the devices is the first user logged in on the consoles (/dev/console or /dev/vt/#). Upon
this first user's logout the owner and group of these devices is reset by ttymon(1M) to owner root and root's group as specified in
/etc/passwd.
Fields are separated by TAB or SPACE characters. Blank lines and comments can appear anywhere in the file; comments start with a
hashmark (#) and continue to the end of the line.
The first field specifies the name of a console device (for example, /dev/console). By default, it is /dev/vt/active, which points to the
current active console, including /dev/console and all virtual consoles (/dev/vt/#). The second field specifies the permissions to which
the devices in the device_list field (third field) are set. These permissions must be expressed in octal format, for example, 0774. A
device_list is a colon-separated list of device names. A device name must be a /dev link.
A directory or logical name in the device name can be either one of the following:
    o  A fully qualified name, for example, fbs.
    o  A regular expression, for example, [a-z0-9.]+. See regexp(5) for more information on regular expressions.
    o  The wildcard character * specifying all directory or node names (except . and ..), for example, /dev/fbs/* specifies all frame
       buffer devices.
Some examples of /etc/logindevperm file entries include:
    /dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/[a-z0-9.]+
    /dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/*
    /dev/usb/[0-9a-f]+[.][0-9a-f]+/*/*
Specify all ugen(7D) endpoints and status nodes.
Drivers can also be specified to limit the permission changes to minor nodes owned by the specified drivers. For example,
    /dev/console 0600 /dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/*
    driver=usb_mid,scsa2usb,usbprn # libusb devices
Due to the persistence of devfs(7FS) minor node management, the user should be logged in as root if the list of minor nodes will be reduced
and the devices should all be plugged in.
Once the devices are owned by the user, their permissions and ownership can be changed using chmod(1) and chown(1), as with any other user-
owned file.
Upon logout the owner and group of these devices are reset by ttymon(1M) to owner root and root's group as specified in /etc/passwd
(typically other). The permissions are set as specified in the /etc/logindevperm file.
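The field layout described above can be checked mechanically. The following is an added example, not part of the manual page or of Solaris: a small parser and review pass for logindevperm-style text. The names parse_logindevperm and audit, the sample entries, and the one-entry-per-line assumption are all introduced here for illustration.

```python
import re

# Constructed sample in the format the DESCRIPTION gives (not a real system file).
SAMPLE = """\
# console       mode  device_list
/dev/vt/active  0600  /dev/mouse:/dev/kbd
/dev/vt/active  0666  /dev/fbs/*    # frame buffers
/dev/console    0600  /dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/*  driver=usb_mid,scsa2usb,usbprn
/dev/console    0774  /dev/sound/*:/tmp/audio
/dev/console    0898  /dev/audio
"""

def parse_logindevperm(text):
    """Return (entries, errors); each error is (line_number, message)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # comment runs to end of line
        if not line:
            continue
        fields = line.split()                   # TAB or SPACE separated
        if len(fields) < 3:
            errors.append((lineno, "need console, mode and device_list"))
            continue
        console, mode, device_list, *options = fields
        if not re.fullmatch(r"0?[0-7]{3}", mode):
            errors.append((lineno, f"mode {mode!r} is not octal"))
            continue
        # Assumption: the optional driver list is a separate driver=a,b field.
        drivers = [d for o in options if o.startswith("driver=")
                   for d in o[len("driver="):].split(",")]
        entries.append({"line": lineno, "console": console,
                        "mode": int(mode, 8),
                        "devices": device_list.split(":"),
                        "drivers": drivers})
    return entries, errors

def audit(entries):
    """Flag entries a reviewer would want to look at; returns (line, message)."""
    findings = []
    for e in entries:
        if e["mode"] & 0o007:
            findings.append((e["line"], "mode grants access to users other "
                                        "than the console owner and group"))
        # Textual approximation of "a device name must be a /dev link".
        findings += [(e["line"], f"{d} is not under /dev")
                     for d in e["devices"] if not d.startswith("/dev/")]
    return findings

if __name__ == "__main__":
    parsed, problems = parse_logindevperm(SAMPLE)
    for line, msg in problems + audit(parsed):
        print(f"line {line}: {msg}")
```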
FILES
/etc/passwd File that contains user group information.
SEE ALSO
chmod(1), chown(1), login(1), ttymon(1M), passwd(4), regexp(5), ugen(7D)
NOTES
/etc/logindevperm provides a superset of the functionality provided by /etc/fbtab in SunOS 4.x releases.
SunOS 5.11 25 Sep 2008 logindevperm(4)