01-11-2011
There is an open source application called "chrsh" that will provide a chroot'ed shell access. This should provide the features you are looking for.
LEARN ABOUT FREEBSD
chroot
CHROOT(2) BSD System Calls Manual CHROOT(2)
NAME
chroot -- change root directory
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
chroot(const char *dirname);
DESCRIPTION
The dirname argument is the address of the pathname of a directory, terminated by an ASCII NUL. The chroot() system call causes dirname to
become the root directory, that is, the starting point for path searches of pathnames beginning with '/'.
In order for a directory to become the root directory a process must have execute (search) access for that directory.
It should be noted that chroot() has no effect on the process's current directory.
This call is restricted to the super-user.
Depending on the setting of the 'kern.chroot_allow_open_directories' sysctl variable, open filedescriptors which reference directories will
make the chroot() fail as follows:
If 'kern.chroot_allow_open_directories' is set to zero, chroot() will always fail with EPERM if there are any directories open.
If 'kern.chroot_allow_open_directories' is set to one (the default), chroot() will fail with EPERM if there are any directories open and the
process is already subject to the chroot() system call.
Any other value for 'kern.chroot_allow_open_directories' will bypass the check for open directories.
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the
error.
ERRORS
The chroot() system call will fail and the root directory will be unchanged if:
[ENOTDIR] A component of the path name is not a directory.
[EPERM] The effective user ID is not the super-user, or one or more filedescriptors are open directories.
[ENAMETOOLONG] A component of a pathname exceeded 255 characters, or an entire path name exceeded 1023 characters.
[ENOENT] The named directory does not exist.
[EACCES] Search permission is denied for any component of the path name.
[ELOOP] Too many symbolic links were encountered in translating the pathname.
[EFAULT] The dirname argument points outside the process's allocated address space.
[EIO] An I/O error occurred while reading from or writing to the file system.
SEE ALSO
chdir(2), jail(2)
HISTORY
The chroot() system call appeared in 4.2BSD. It was marked as ``legacy'' in Version 2 of the Single UNIX Specification (``SUSv2''), and was
removed in subsequent standards.
BUGS
If the process is able to change its working directory to the target directory, but another access control check fails (such as a check for
open directories, or a MAC check), it is possible that this system call may return an error, with the working directory of the process left
changed.
SECURITY CONSIDERATIONS
The system has many hardcoded paths to files which it may load after the process starts. It is generally recommended to drop privileges
immediately after a successful chroot call, and restrict write access to a limited subtree of the chroot root, for instance, set up the
sandbox so that the sandboxed user will have no write access to any well-known system directories.
BSD January 3, 2012 BSD
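The sequence recommended under SECURITY CONSIDERATIONS, combined with the note that chroot() leaves the current directory unchanged, as an added C example that is not part of the manual page. The helper name `enter_sandbox`, the uid/gid 65534 and the default directory `/var/empty` are assumptions made for illustration.

```c
/* Added example: enter a chroot and drop privileges permanently. */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the calling process to `dir` and switch to
 * the unprivileged uid/gid. Returns 0 on success, -1 with errno set. */
int enter_sandbox(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;            /* "dropping" to root is not a drop */
        return -1;
    }
    /* chroot() does not move the working directory, so go there first. */
    if (chdir(dir) == -1)
        return -1;
    if (chroot(".") == -1)
        return -1;
    /* Re-anchor cwd at the new root so no reference points outside it. */
    if (chdir("/") == -1)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. After
     * setuid() the process can no longer change its groups. */
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    /* Verify the drop is permanent: regaining uid 0 must now fail. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: 65534 is commonly nobody/nogroup. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    if (enter_sandbox(dir, 65534, 65534) == -1) {
        perror("enter_sandbox");
        return 1;
    }
    printf("sandboxed in %s as uid %d\n", dir, (int)geteuid());
    return 0;
}
```

Close any open directory descriptors before calling the helper, since they can make chroot() fail with EPERM. Treat a failure as fatal, because the working directory may already have been changed when the error is returned.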