06-02-2015
Limit bash/sh user's access to a specific directory
Hello Team,
I have Solaris 10 u6
I have a user test1 using bash that belong to the group staff.
I would like to restrict this user to navigate only in his home directory and his subfolders but not not move out to other directories.
How can I do it ?
Thanks in advance
10 More Discussions You Might Find Interesting
1. Solaris
I need to create a user account for a developer that will allow him rwx access to all resources in a directory. How can I do that?
Thanks (5 Replies)
Discussion started by: gsander
5 Replies
2. Solaris
is there a way to create a user and limit him to read,write and execute only in one direcotry.
the directory is already exsist and it belongs to dba group.
i would like to make this user can't even cd to another directory or even if he can he cant do anything in the other directories.
if... (7 Replies)
Discussion started by: q8devilish
7 Replies
3. UNIX for Advanced & Expert Users
Hello,
We need to log the operations that specific user on Solaris 10 (SPARC) is performing on one directory and it's contents. I was able to configure solaris auditing service (auditd) and it works fine. The only problem is that auditd logs huge amount of unneeded information. We need to log... (0 Replies)
Discussion started by: +Yan
0 Replies
4. AIX
We have gotten an application that will read and display logs in a report format. The application need a user name and password to access the AIX servers where the logs reside. My problem is the logs are in a few different file systems on the server. Is there any way to lock the user to only the... (1 Reply)
Discussion started by: daveisme
1 Replies
5. Shell Programming and Scripting
is is possible to grant user access to only one subdirectory? example
a. create ftp user with read/write/delete access (ftp user doesnt belong to uguys group)
$ cd /etc/mydir
$ls
file1 file2
$ls -al
-rw-rw-r-x 2 unixguy uguys 96 Dec 8 12:53 file1
-rw-rw-r-x 2 unixguy uguys 96... (0 Replies)
Discussion started by: lhareigh890
0 Replies
6. UNIX for Advanced & Expert Users
Is there a way to allow a user to use sudo cp on a specific directory and only a specific file? (6 Replies)
Discussion started by: cokedude
6 Replies
7. Solaris
Dear friends,
:)
I create new user
useradd -g other -d /export/home/sltftp -m -s /bin/bash -c "SLT user account for TMA ftp backup" sltftp
now i need do restrict thees
chmod
delete
overwrite
rename
from this user:(for all the files in the server ,sltftp user can only able to download... (4 Replies)
Discussion started by: darakas
4 Replies
8. Solaris
Hi,
I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest. (6 Replies)
Discussion started by: hamurd
6 Replies
9. UNIX and Linux Applications
Hi to all,
I am new to Linux. but i am facing issue with my web server in Ubuntu 11.10.
In my webserver i want to restrict maximum users website access (e.g., suppose i want to restrict users to access web to 250 persons in single time). So can you please suggest me to how to do that in... (1 Reply)
Discussion started by: Chintanghanti
1 Replies
10. UNIX for Advanced & Expert Users
Hello,
I have a a directory dir1 with permissions 700 (yes wantedly) and is owned by user1:group1
rwx------ user1 group1 dir1I need to give permissions to user2 (belongs to group2) on dir1 and its files, so I granted the permissions using setfacl ; instead of adding the user to groups and... (3 Replies)
Discussion started by: karumudi7
3 Replies
LEARN ABOUT CENTOS
cgrules.conf
CGRULES.CONF(5) libcgroup Manual CGRULES.CONF(5)
NAME
cgrules.conf - libcgroup configuration file
DESCRIPTION
cgrules.conf configuration file is used by libcgroups to define control groups to which a process belongs.
The file contains a list of rules which assign to a defined group/user a control group in a subsystem (or control groups in subsystems).
Rules have two formats:
<user> <controllers> <destination>
<user>:<process name> <controllers> <destination>
Where:
user can be:
- a user name
- a group name with @group syntax
- the wildcard '*', for any user or group
- '%', which is equivalent to "ditto" (useful for
multi-line rules where different cgroups need to be
specified for various hierarchies for a single user)
process name is optional and it can be:
- a process name
- a full command path of a process
controllers can be:
- comma separated controller names (no spaces) or
- * (for all mounted controllers)
destination can be:
- path relative to the controller hierarchy (ex. pgrp1/gid1/uid1)
- following strings called "templates" and will get expanded
%u username, uid if name resolving fails
%U uid
%g group name, gid if name resolving fails
%G gid
%p process name, pid if name not available
%P pid
'' can be used to escape '%'
First rule which matches the criteria will be executed.
Any text starting with '#' is considered as a start of comment line and is ignored.
If the destination contains template string, the control group can be created on-fly. In time when some process wants to use the template
rule which leads to control group (see cgexec (1)) and the control group does not exist, the group is created. The template control group
parameters can be specified in cgconfig.conf configuration file. See (cgconfig.conf (5)). If the template definition is not found there
created group have default kernel setting.
EXAMPLES
student devices /usergroup/students
Student's processes in the 'devices' subsystem belong to the control group /usergroup/students.
student:cp devices /usergroup/students/cp
When student executes 'cp' command, the processes in the 'devices' subsystem belong to the control group /usergroup/students/cp.
@admin * admingroup/
Processes started by anybody from admin group no matter in what subsystem belong to the control group admingroup/.
peter cpu test1/
% memory test2/
The first line says Peter's task for cpu controller belongs to test1 control group. The second one says Peter's tasks for memory controller
belong to test2/ control group.
* * default/
All processes in any subsystem belong to the control group default/. Since the earliest matched rule is applied, it makes sense to have
this line at the end of the list. It will put a task which was not mentioned in the previous rules to default/ control group.
@students cpu,cpuacct students/%u
Processes in cpu and cpuacct subsystems started by anybody from students group belong to group students/name. Where "name" is user name of
owner of the process.
FILES
/etc/cgrules.conf
default libcgroup configuration file
SEE ALSO
cgconfig.conf (5), cgclassify (1), cgred.conf (5)
BUGS
Linux 2009-03-10 CGRULES.CONF(5)