Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: how can i jail a user?
Operating Systems Linux how can i jail a user? Post 49860 by byblyk on Monday 12th of April 2004 02:21:10 PM
Old 04-12-2004
Actuily i'm using Wu-ftp but i'm in the process of setting up my system again so i may this time use ProFtp, just cause it seems to be so popular.
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

FBSD jail question

I'm trying to establish a jail on a FBSD 6.1 system and have a couple of questions on bringing up the daemon. Under the jail man page there are two user flags that I am unclear on, -u username The user name from host environment as whom the command should run. -U... (1 Reply)
Discussion started by: thumper
1 Replies

2. What is on Your Mind?

Should Paris Hilton be in Jail?

Enough of boring techie topics!! Vote on Paris Hilton and her jail time!! What do you think? (9 Replies)
Discussion started by: Neo
9 Replies

3. UNIX for Dummies Questions & Answers

How to start a chroot jail?

I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can... (1 Reply)
Discussion started by: mojoman
1 Replies

4. Solaris

How to Jail ftp user

Hi Gurus, I am creating a user for ftp only on Solaris 10. However while testing I can see user can reach to root directory. I followed following while creating the user 1 Created a shell in /usr/bin/ftponly as chmod a+x to ftponly 2 Placed the entry in /etc/shells ... (2 Replies)
Discussion started by: kumarmani
2 Replies

5. UNIX for Advanced & Expert Users

ssh jail user

I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies

6. Cybersecurity

How to jail a process in his repertory ?

Hi all, I want to jail a process in his folder, so he can't have any link with a parent folder. Ex. If i'm a hacker, and I can upload my script & and I can start it, i'll could go to ../, /etc/passwd, etc.. So what I did is to chroot the process : I copied all libraries used by the... (1 Reply)
Discussion started by: Deb.I.am
1 Replies

7. Cybersecurity

How to jail a process?

Hello people, I'm creating a web game control panel, where people can manage their gameserver on a php made control panel. But i have no idea how to create an jailed inviroment for the gameserver, I've looked at possebilites for chroot, but i don't want the gameserver has any binaries of linux... (1 Reply)
Discussion started by: gm33
1 Replies

LEARN ABOUT LINUX

ftpd_selinux

ftpd_selinux(8) 					 ftpd SELinux policy documentation					   ftpd_selinux(8)

NAME

       ftpd_selinux - Security-Enhanced Linux policy for ftp daemons.

DESCRIPTION

       Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.

FILE_CONTEXTS
       SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon.	Policy governs the
       access that daemons have to files.

       Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.

       semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"

       restorecon -F -R -v /var/ftp

       Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and  by  restoring  the  file
       type.  This also requires the allow_ftpd_anon_write boolean to be set.

       semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"

       restorecon -F -R -v /var/ftp/incoming

BOOLEANS

       SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.

       Allow ftp servers to read and write files with the public_content_rw_t file type.

       setsebool -P allow_ftpd_anon_write on

       Allow ftp servers to read or write files in the user home directories.

       setsebool -P ftp_home_dir on

       Allow ftp servers to read or write all files on the system.

       setsebool -P allow_ftpd_full_access on

       Allow ftp servers to use cifs for public file transfer services.

       setsebool -P allow_ftpd_use_cifs on

       Allow ftp servers to use nfs for public file transfer services.

       setsebool -P allow_ftpd_use_nfs on

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)

dwalsh@redhat.com						    17 Jan 2005 						   ftpd_selinux(8)
All times are GMT -4. The time now is 12:54 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy