Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: creating user on SUSE Linux
Operating Systems Linux SuSE creating user on SUSE Linux Post 302443595 by Corona688 on Monday 9th of August 2010 12:29:21 PM
Old 08-09-2010
I repeat: A lot depends on your FTP server. (What is it?) I think proftpd will let you restrict a user to one particular directory, and might even be able to arrange a chroot jail.

That would be highly secure -- as far as his login would be concerned, directories above the one he's chrooted into simply wouldn't exist. If you want to restrict him to one and only one directory and not even know others exist, chroot is what you want.

But, doing that depends on your FTP server.

Being able to create files in directories owned by root is normal if the directory is world-writable or he belongs to a group which is allowed to write to it. WARNING -- if he is able to create files in a directory, he may be able to delete files owned by anyone there as well! This is because file deletion is controlled by directory write permissions, not file ownership. (There are some obscure options in some filesystems to change this behavior.) An example in my home directory:
Code:
$ sudo touch something
Password:
$ ls -l something
-rw-r--r-- 1 root root 0 Aug  9 10:34 something
$ rm something
rm: remove write-protected regular empty file `something'? y
$

Make sure he doesn't belong to any groups he doesn't need to belong to.
Last edited by Corona688; 08-09-2010 at 01:37 PM..
 

4 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

new SuSE User

Hello everybody! I'm Fabian from Germany near Hannover. I bought SuSE 7.1 before 3 days . I want use SuSE as a PHPserver! (My english is very bad) Now my question: Is SuSE or Rad Hat better for this problem? On my system is always run SuSE 7.1 now, but I think Rad Hat is better for this... (4 Replies)
Discussion started by: Fabian
4 Replies

2. UNIX for Dummies Questions & Answers

[LINUX] Creating new user accounts

I've had Linux when I was young, on one of our first computers and learned it pretty quickly... However, I've been working on Windows for about 7 years now and just made the switch back to Linux, Mandrake 9.1. So I have some problem with creating new user accounts. I could create one, but once I... (3 Replies)
Discussion started by: Arendo
3 Replies

3. Shell Programming and Scripting

How to write bash script for creating user on multiple Linux hosts?

I wonder whether someone can help me with what I'm trying to achieve Basically, the objective is one script to create new user on more than 70 linux hosts if required. Everything works apart from the highlighted part. It gave me an output passwd: Unknown user name ''. when try to set... (35 Replies)
Discussion started by: fugeulu
35 Replies

4. UNIX for Advanced & Expert Users

Prevent user from creating new user from his login

Hi Experts, Need your support Redhat 6.5 I want to create a user with all(read, write, execute) privileges except that user should not be able to create any new user from his login to perform any task. (10 Replies)
Discussion started by: as7951
10 Replies

LEARN ABOUT HPUX

chroot

chroot(2)							System Calls Manual							 chroot(2)

NAME

       chroot() - change root directory

SYNOPSIS

DESCRIPTION

       causes  the named directory to become the root directory, the starting point for path searches for path names beginning with path points to
       a path name naming a directory.	The user's working directory is unaffected by the system call.

       The entry in the root directory is interpreted to mean the root directory itself.  Thus, cannot be used to access files outside the subtree
       rooted at the root directory.

   Security Restrictions
       The effective user ID of the process must be a user with the privilege to change the root directory.

       See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE

       returns the following values:

	      Successful completion.
	      Failure.
		     is set to indicate the error.

ERRORS

       fails and the root directory remains unchanged if one or more of the following is true:

	      Any component of the path name is not a directory.

	      The named directory does not exist or a component of the
			     path does not exist.

	      The effective user
			     ID is not a user who has the privilege.

	      path	     points  outside  the  allocated address space of the process.  The reliable detection of this error is implementation
			     dependent.

	      The length of the specified path name exceeds
			     bytes, or the length of a component of the path name exceeds bytes while is in effect.

	      Too many symbolic links were encountered in translating the path
			     name.

WARNINGS

   Obsolescent Interfaces
       is to be obsoleted at a future date.

SEE ALSO

       chroot(1M), chdir(2), privileges(5).

STANDARDS CONFORMANCE

								  TO BE OBSOLETED							 chroot(2)
All times are GMT -4. The time now is 01:08 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy