07-13-2010
What about a chroot with hard links to the three directories???
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Gud day :)
We have a limited user login so we want to restrict 1 login per user. We have added below script in each user's profile but it is not working :confused: , I displayed the output for COUNT (by inserting echo command) but the value is always 1. Hope you could help me.
Thanks ;) ... (3 Replies)
Discussion started by: lancemendioro
3 Replies
2. AIX
Hello,
Sorry for my poor English.
I have to reduce rights for a user on AIX system so that:
When he does , he find in output, only filesystems on which he has permissions
.He can't do to change user.
Very thanks for helping. (2 Replies)
Discussion started by: edosseh
2 Replies
3. IP Networking
Hi
Good Day, i would like to ask for further info about my problems experiencing this evening. Im a PPP0 connection in the internet using 3G located in asia pacific region.i had this problem this evening in my INTERNET connections that there are some sites i can't open example ( Gizmodo.com,... (2 Replies)
Discussion started by: jao_madn
2 Replies
4. UNIX and Linux Applications
I have nagios contacts set up, and these successfully limit access to view hosts and services in the nagios web UI.
But pnp4nagios gives access to all graphs (by editing the hostname and service name in the URL) - it does not respect the nagios-defined access controls. (0 Replies)
Discussion started by: ahmad.zuhd
0 Replies
5. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
So my problem is: 4990 of 5000 users should be able to access a file. How can this be accomplished.
2.... (1 Reply)
Discussion started by: protiss
1 Replies
6. Cybersecurity
can we use semantec or any kind of software in ubuntu/linux to limit access of a user to edit a specific file?
example:::
a. will not play media player or use usb.
we will edit blacklist.conf to do this. however user should still be able to do apt-get install, shutdown, edit other files etc.... (1 Reply)
Discussion started by: lhareigh890
1 Replies
7. Solaris
Dear friends,
:)
I create new user
useradd -g other -d /export/home/sltftp -m -s /bin/bash -c "SLT user account for TMA ftp backup" sltftp
now i need do restrict thees
chmod
delete
overwrite
rename
from this user:(for all the files in the server ,sltftp user can only able to download... (4 Replies)
Discussion started by: darakas
4 Replies
8. Solaris
Hi,
I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest. (6 Replies)
Discussion started by: hamurd
6 Replies
9. UNIX and Linux Applications
Hi to all,
I am new to Linux. but i am facing issue with my web server in Ubuntu 11.10.
In my webserver i want to restrict maximum users website access (e.g., suppose i want to restrict users to access web to 250 persons in single time). So can you please suggest me to how to do that in... (1 Reply)
Discussion started by: Chintanghanti
1 Replies
10. Solaris
Hello Team,
I have Solaris 10 u6
I have a user test1 using bash that belong to the group staff.
I would like to restrict this user to navigate only in his home directory and his subfolders but not not move out to other directories.
How can I do it ?
Thanks in advance (1 Reply)
Discussion started by: csierra
1 Replies
LEARN ABOUT FREEBSD
chroot
CHROOT(2) BSD System Calls Manual CHROOT(2)
NAME
chroot -- change root directory
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
chroot(const char *dirname);
DESCRIPTION
The dirname argument is the address of the pathname of a directory, terminated by an ASCII NUL. The chroot() system call causes dirname to
become the root directory, that is, the starting point for path searches of pathnames beginning with '/'.
In order for a directory to become the root directory a process must have execute (search) access for that directory.
It should be noted that chroot() has no effect on the process's current directory.
This call is restricted to the super-user.
Depending on the setting of the 'kern.chroot_allow_open_directories' sysctl variable, open filedescriptors which reference directories will
make the chroot() fail as follows:
If 'kern.chroot_allow_open_directories' is set to zero, chroot() will always fail with EPERM if there are any directories open.
If 'kern.chroot_allow_open_directories' is set to one (the default), chroot() will fail with EPERM if there are any directories open and the
process is already subject to the chroot() system call.
Any other value for 'kern.chroot_allow_open_directories' will bypass the check for open directories
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the
error.
ERRORS
The chroot() system call will fail and the root directory will be unchanged if:
[ENOTDIR] A component of the path name is not a directory.
[EPERM] The effective user ID is not the super-user, or one or more filedescriptors are open directories.
[ENAMETOOLONG] A component of a pathname exceeded 255 characters, or an entire path name exceeded 1023 characters.
[ENOENT] The named directory does not exist.
[EACCES] Search permission is denied for any component of the path name.
[ELOOP] Too many symbolic links were encountered in translating the pathname.
[EFAULT] The dirname argument points outside the process's allocated address space.
[EIO] An I/O error occurred while reading from or writing to the file system.
SEE ALSO
chdir(2), jail(2)
HISTORY
The chroot() system call appeared in 4.2BSD. It was marked as ``legacy'' in Version 2 of the Single UNIX Specification (``SUSv2''), and was
removed in subsequent standards.
BUGS
If the process is able to change its working directory to the target directory, but another access control check fails (such as a check for
open directories, or a MAC check), it is possible that this system call may return an error, with the working directory of the process left
changed.
SECURITY CONSIDERATIONS
The system have many hardcoded paths to files where it may load after the process starts. It is generally recommended to drop privileges
immediately after a successful chroot call, and restrict write access to a limited subtree of the chroot root, for instance, setup the sand-
box so that the sandboxed user will have no write access to any well-known system directories.
BSD
January 3, 2012 BSD