Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to restrict user to one folder alone when they log in
Top Forums UNIX for Dummies Questions & Answers How to restrict user to one folder alone when they log in Post 302487236 by methyl on Tuesday 11th of January 2011 06:39:07 PM
Old 01-11-2011
It would also be helpful to know what the user is allowed to do.

The Resricted Shell suggested above is a very good recommendation. In addition you will need to force a Restricted Path in the profile file and point it only to a directory containing a copy of the unix commands which the user is allowed to use.
This is hard work to set up and I have had to do it for users on technical training courses totally unrelated to the main operation of the server. Always assume that the trainee can Google common hacks. Dangerous programs are the likes of "vi" and "more" which can allow breakout to Shell. If in doubt don't let the user access the program or data.
Advise enable long Shell history on Restricted accounts and analyse the content. 99% will be boring. [There are legal issues here where you need to warn staff that access is monitored. I am not a lawyer so DYOR].
 

10 More Discussions You Might Find Interesting

1. Solaris

restrict a user to certain command

Hi all, I am using Sun OS 5.10. I am new to Unix. Is there some way to restrict a specific user to certain command say "/usr/bin/more" ?? for example: I want that user1 can execute more command & user2 can't. Can we somehow edit .profile file in the home directory of user to achieve... (1 Reply)
Discussion started by: vikas027
1 Replies

2. AIX

New user and restrict path

Hello I have a question in Aix 5.3 can I create a user, that only can see a specify path. I mean the user log in the default path its /home/newuser he type cd the path that need to check /example/directory_check but if he wants to go to / or any other path. we can not do this. I only... (1 Reply)
Discussion started by: lo-lp-kl
1 Replies

3. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

4. UNIX for Dummies Questions & Answers

Restrict command for an user ?

Hi everyone ! I got "viewer" and "root" user on a *nix computer. When i log in using "viewer" I only can use "df" command. When I try another command like "ls" it say : -bash: ls: command not found I checked permission of "/bin/ls" file, it has excute permission for everyone. Inside home... (4 Replies)
Discussion started by: camus
4 Replies

5. Red Hat

Restrict user to a particular directory

Hi I have a Fedora10 server and i need a particular user to view files only in a particular folder. All other files in other folders having "read" permission for all shouldn't be accessible to this user. Please let me know if ther's a way. Thanks, HG (5 Replies)
Discussion started by: Hari_Ganesh
5 Replies

6. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

7. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

8. AIX

How to restrict user to a particular directory?

hi, I want to restrict some user access to only 1 directory (including all sub-directories/files in it). can you please explain me, how can we do this? example; Filesystem GB blocks Used Free %Used Mounted on /dev/hd4 2.61 1.02 1.59 40% / /dev/hd2 ... (7 Replies)
Discussion started by: aaron8667
7 Replies

9. HP-UX

Restrict ssh for particular user

Dear Concern, We want to restrict ssh for particular user "oracle". Our HP UX version is as below. Please advise. # uname -a HP-UX tabsdb02 B.11.31 U ia64 2963363594 unlimited-user license (2 Replies)
Discussion started by: makauser
2 Replies

10. Web Development

Restrict user for certain number of connection

Hello, I need help in Apache to restrict user for number of concurrent connection. its basically related to nagios monitoring site. End user opening N no of tab to monitor and it increase load on server. any setting will help me here. (3 Replies)
Discussion started by: ghpradeep
3 Replies

LEARN ABOUT HPUX

smh

smh(1M) 																   smh(1M)

NAME

       smh - HP System Management Homepage (HP SMH).

SYNOPSIS

       [ | | | ]

DESCRIPTION

       The  command launches HP System Management Homepage (HP SMH) for performing system administration on an HP-UX system. HP SMH is an enhanced
       version of HP System Administration Manager (HP SAM). HP SMH provides web-based graphical user interface  (GUI),  terminal  user  interface
       (TUI),  and command line interface (CLI). You can access these interfaces using the smh command. However, you can also use the sam(1M) com-
       mand. The sam(1M) command behaves the same as the smh(1M) command except that the deprecation message is displayed in  the  beginning.  For
       more information on HP SAM, refer sam(1M) manpage.

       When  you  run  either  the  command or the command and if the environment variable is set, HP SMH opens in the default web browser. If the
       environment variable is not set, HP SMH opens in the terminal user interface (TUI).

   Options
       recognizes the following options.

	      Launches HP SMH on a web browser without security warnings.

	      Launches HP SMH on a web browser with security warnings.

	      The -r option applies only to the TUI of HP SMH. This option invokes Restricted SMH which, enables the system administrator to
			assign limited privileged user access to SMH functionality. You must be a privileged user to use  this	option.   See  the
			section below for more information.

	      The  -p option applies only to the CLI of HP SMH. This option invokes the /opt/propplus/bin/cprop command which, provides a command-
	      line interface to most of the information available from the HP SMH property pages.  The -p option can be used with  different  com-
	      mands to view information about hardware and software, operating system, network and other system devices.
			See the cprop(1) manpage for more information on the command and the option parameters.

   Restricted SMH
       SMH  can  be configured to provide a subset of its functionality to certain users or groups of users.  This is done through Restricted SMH.
       System administrators access Restricted SMH by invoking SMH with the option (see "Options" above).  In Restricted SMH,  system  administra-
       tors may assign subsets of SMH functionality on a per-user or per-group basis.

       Generally,  SMH requires privileged user rights to execute successfully.  However, through the use of Restricted SMH, SMH can be configured
       to allow subsets of its capabilities to be used by non-privileged users.  When Restricted SMH is used, non-privileged users are promoted to
       privileged users when necessary to enable them to execute successfully.

       By  default,  Restricted  SMH  executes	all applications as privileged user.  However, certain applications like software distributor have
       their own security mechanism and do not follow the Restricted SMH  security  model.   In  such  cases,  the  application  launched  through
       Restricted SMH will be executed with the login id of the user who invokes it.

       A  non-privileged  user	that  has been given Restricted SMH privileges simply executes and sees only those areas the user is privileged to
       access.

       All the SMH functional areas require the user to be promoted to be a privileged user in order to execute successfully.  SMH does this auto-
       matically as needed.

       SMH provides a default set of SMH functional areas that the system administrator can assign to other users.

       Restricted SMH does not apply to web-based GUI of HP SMH from HP-UX 11i v3 release as HP SMH has its own roles. For more information, refer
       HP SMH documentation available at http:/ /docs.hp.com and the HP SMH product online help system.

   Logging
       For information on logging, see samlog_viewer(1).

AUTHOR

       was developed by HP.

SEE ALSO

       sam(1M), samlog_viewer(1), ugweb(1M), evweb(9), fsweb(1M), secweb(1M),  ncweb(1M),  hpsmh(1M),  kcweb(1M),  parmgr(1M),	pdweb(1M),  smhas-
       sist(1M), smhstartconfig(1M), intro(7), cprop(1), HP SMH White Paper available at http://www.docs.hp.com

																	   smh(1M)
All times are GMT -4. The time now is 10:26 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy