07-13-2012
What you really want is some other options, not different versions of /etc/fstab to mount filesystems specifically for each user. That is possible, you will wish you never tried it, IMO. Basically it involves booting Linux from a flash drive that each user carries around. And the system becomes unbootable without a flash drive. And userA can give his flash drive to userB, then userC flushes his down the toilet by accident. No.
One best bet is to chroot the staff user and mount the disks(s) you want so they can be seen in the chroot jail. This is a major exercise if you've never done - google for 'chroot jail tutorial'
A simpler option is to use ACL's on the mountpoints of any disk/filesystem you want to control. Disallow access by the user staff for those mountpoints. The affected user can do a df -h but will just get errors. They cannot do ANYTHING on those drives. Just be sure you do not block them completely out of system directories like /usr, /etc, /tmp,
/var/tmp and so on. You can prevent staff from writing to /usr, but that should be the default anyway for every user except root.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I have a script that backs up our storage drive daily to one external drive and weekly to another. What I'd like to do is find a way, in the script, to test whether the drives are mounted so that it doesn't accidentally fill up the main drive in the event of a drive failure, etc. Any ideas on how... (1 Reply)
Discussion started by: spectre_240sx
1 Replies
2. AIX
Hello,
I am not the AIX guru..
This might seem simple for a lot but I am not sure where to start.. So here is my question:
I have a unix account on a remote site. My UID is 999999.
Now I need to create my account at my main site, with the same UID. So i have to make sure the UID 999999 is... (1 Reply)
Discussion started by: maxalarie
1 Replies
3. UNIX for Advanced & Expert Users
Hi All!
I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses).
OS : Red hat linux
Thanks!
nua7 (6 Replies)
Discussion started by: nua7
6 Replies
4. Solaris
Hi all,
i have a question about directory accessing.
Question: therese is a x user which can login system, x user can only access specific directories on the system, even y directory has r-x access right for OTHER, x user will not access the y directory.
this x user must access specific... (4 Replies)
Discussion started by: nibiru78
4 Replies
5. Solaris
I'm trying to setup Samba in a solaris zone... Is there a way to setup Samba so that every Windows machine that tries to connect to the share always gets it mounted under the same drive letter (e.g. H:)???
My Samba share (in smb.conf)
/home/pickup
I want that all Window users get it mounted... (3 Replies)
Discussion started by: verdepollo
3 Replies
6. Shell Programming and Scripting
Hi there
I have an SFTP over Solaris as well it runs Samba. I need some users (outsiders) to use my SFTP facility as well to use the Samba. However i don't want them do anything else except file transferring via SFTP or Samba.
I was thinking to customize their Shell so that they would not run... (1 Reply)
Discussion started by: Time_Racer
1 Replies
7. Shell Programming and Scripting
Hello All,
I am trying trying to write a shell script that will do a couple things:
1.) Identify any username that logs into the server.
2.) When the user logs out, send them an email detailing
their log in/out times, duration logged in, and what
processes they ran.
Basically,... (3 Replies)
Discussion started by: SecureScript
3 Replies
8. Shell Programming and Scripting
Hi,
i am new to shell scripts, i need to write a script that can monitor size of directory of specific users. Please help.
Thanks,
Nitin (2 Replies)
Discussion started by: nicksrulz
2 Replies
9. UNIX for Advanced & Expert Users
We have server which is connected with more than 10 thin client machine. I have tried to block the websites ( facebook, orkut,twitter ) for all the users. it works fine for me. But , I want to block for particular user ( thinclient ) or by the way of IP address of machine. How can I do that. (3 Replies)
Discussion started by: pavun_cool
3 Replies
10. Solaris
Dear friends,
:)
I create new user
useradd -g other -d /export/home/sltftp -m -s /bin/bash -c "SLT user account for TMA ftp backup" sltftp
now i need do restrict thees
chmod
delete
overwrite
rename
from this user:(for all the files in the server ,sltftp user can only able to download... (4 Replies)
Discussion started by: darakas
4 Replies
LEARN ABOUT DEBIAN
adt-virt-chroot
adt-virt-chroot(1) Linux Programmer's Manual adt-virt-chroot(1)
NAME
adt-virt-chroot - autopkgtest virtualisation server using a chroot
SYNOPSYS
adt-virt-chroot [options] =[chroot-name]
adt-virt-chroot [options] [-rgain-root-cmd] /path/to/chroot
DESCRIPTION
adt-virt-chroot provides an autopkgtest virtualisation server using a chroot install (or similar).
Normally adt-virt-chroot will be invoked by adt-run.
The chroot to use must be specified. If it starts with a = character then it is taken to be a chroot name known to dchroot(8). Otherwise
it must start with a / and will be taken to an absolute path.
OPTIONS
--gain-root|-r gain-root-cmd
Specifies that adt-virt-chroot can become root (on the host) by prefixing its commands with gain-root-cmd. The command may consist
of several words separated by whitespace, in which case words other than the first are supplied as additional arguments to the com-
mand; other shell (or other) metacharacters in gain-root-cmd are not interpreted or modified by adt-virt-chroot. The actual command
to be run as root, and its arguments, are supplied as additional (separate) arguments to gain-root-cmd.
Root privilege is needed, to successfully run chroot(8), if the chroot to use is specified as an absolute path. The default is not
to take any special action when root will be needed, in which case for an absolute path chroot, adt-virt-chroot must be started as
root.
-d | --debug
Enables debugging output. Probably not hugely interesting.
INPUT, OUTPUT AND EXIT STATUS
The behaviour of adt-virt-chroot is as described by the AutomatedTesting virtualisation regime specification.
SEE ALSO
adt-run(1), adt-virt-null(1), adt-virt-xenlvm(1), /usr/share/doc/autopkgtest/.
AUTHORS AND COPYRIGHT
This manpage is part of autopkgtest, a tool for testing Debian binary packages. autopkgtest is Copyright (C) 2006-2007 Canonical Ltd and
others.
See /usr/share/doc/autopkgtest/CREDITS for the list of contributors and full copying conditions.
autopkgtest 2007 adt-virt-chroot(1)