04-07-2004
I don't think you will get a simple answer on this one. You may want to google for chroot or restricted shell. It really depends on how much effort you want to put into it and what kind of access the users will have. If you plan to only give a user FTP access, chroot may work. If they are only telneting, ksh -r (restricted shell) may work. In either case there is a tedious set up and you have to be very meticulous about your permissions and umasks. I have played with chroot and ksh -r a few times but have never really had the need to fully jail users in the environments I have worked in. Someone from an ISP may be able to give you more guidance but I figured something was better then nothing.
7 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I'm trying to establish a jail on a FBSD 6.1 system and have a couple of questions on bringing up the daemon.
Under the jail man page there are two user flags that I am unclear on,
-u username The user name from host environment as whom the command
should run.
-U... (1 Reply)
Discussion started by: thumper
1 Replies
2. What is on Your Mind?
Enough of boring techie topics!! Vote on Paris Hilton and her jail time!! What do you think? (9 Replies)
Discussion started by: Neo
9 Replies
3. UNIX for Dummies Questions & Answers
I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can... (1 Reply)
Discussion started by: mojoman
1 Replies
4. Solaris
Hi Gurus,
I am creating a user for ftp only on Solaris 10. However while testing I can see user can reach to root directory.
I followed following while creating the user
1 Created a shell in /usr/bin/ftponly as chmod a+x to ftponly
2 Placed the entry in /etc/shells
... (2 Replies)
Discussion started by: kumarmani
2 Replies
5. UNIX for Advanced & Expert Users
I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies
6. Cybersecurity
Hi all,
I want to jail a process in his folder, so he can't have any link with a parent folder.
Ex. If i'm a hacker, and I can upload my script & and I can start it, i'll could go to ../, /etc/passwd, etc..
So what I did is to chroot the process :
I copied all libraries used by the... (1 Reply)
Discussion started by: Deb.I.am
1 Replies
7. Cybersecurity
Hello people,
I'm creating a web game control panel, where people can manage their gameserver on a php made control panel.
But i have no idea how to create an jailed inviroment for the gameserver,
I've looked at possebilites for chroot, but i don't want the gameserver has any binaries of linux... (1 Reply)
Discussion started by: gm33
1 Replies
LEARN ABOUT OPENDARWIN
chroot
CHROOT(8) BSD System Manager's Manual CHROOT(8)
NAME
chroot -- change root directory
SYNOPSIS
chroot [-u -user] [-g -group] [-G -group,group,...] newroot [command]
DESCRIPTION
The chroot utility changes its current and root directories to the supplied directory newroot and then exec's command, if supplied, or an
interactive copy of the user's login shell.
If the -u, -g or -G options are given, the user, group and group list of the process are set to these values after the chroot has taken
place. See setgid(2), setgroups(2), setuid(2), getgrnam(3) and getpwnam(3).
Note, command or the shell are run as your real-user-id.
ENVIRONMENT
The following environment variable is referenced by :
SHELL If set, the string specified by SHELL is interpreted as the name of the shell to exec. If the variable SHELL is not set, /bin/sh is
used.
SEE ALSO
chdir(2), chroot(2), environ(7), jail(8)
HISTORY
The chroot utility first appeared in 4.4BSD.
SECURITY CONSIDERATIONS
chroot should never be installed setuid root, as it would then be possible to exploit the program to gain root privileges.
BSD
January 24, 2002 BSD