|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
How can I forbid a user to go up his home directory
Post 7969 by MarcoW on Thursday 4th of October 2001 08:14:31 AM
10-04-2001
How can I forbid a user to go up his home directory
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello
How do i restrict a user only to his own directory so that he wont be able to cd to other directories.
say for excample there is user called xiamin then xiamin should be restricted to /usr/xiamin only.
i am on redhat linux
regards
Hrishy (4 Replies)
Discussion started by: xiamin
4 Replies
2. UNIX for Dummies Questions & Answers
The home directory for me on my system is on /home/kwon. It was created using "useradd kwon"
When i go to change the home directory for a user doing a usermod -d /home/test when they log on it gives them messages saying to generate new ssh keys, and it does. It gives me a thing that says... (1 Reply)
Discussion started by: BangYourWallnut
1 Replies
3. UNIX for Dummies Questions & Answers
Hi,
I am running Solaris 10 and I am using the ftp server that comes with it. I would like to specify a specific directory as ftp user's home directory.
For example, if "ftpuserx" ftps into my solaris machine, they will automatically be taken to "/space/web" directory, even though there... (0 Replies)
Discussion started by: annointed3
0 Replies
4. Solaris
Hi,
I've created solaris user which has both FTP and SFTP Access. Using the "ftpaccess" configuration file options "guest-root" and "restricted-uid", i can restrict the user to a specific directory. But I'm unable to restrict the user when the user is logged in using SFTP.
The aim is to... (1 Reply)
Discussion started by: sftpuser
1 Replies
5. Red Hat
Hi,
By default user's home directory will be /home/$user.
I want to change it to /javauser/$user. How can I do it?
Thanks
Jeevan. (5 Replies)
Discussion started by: jredx
5 Replies
6. Solaris
Hello all,
I am Installing Oracle 11g on my Solaris OS.
I created the below oracle user:
# /usr/sbin/useradd -g oinstall -G dba oracle
but when i am trying to to su - oracle it give me the below error
No directory
Do i have to setup a home directory for oracle user? and how can i do... (1 Reply)
Discussion started by: beayni33
1 Replies
7. UNIX for Dummies Questions & Answers
I found this old closed thread:
I can do these things, but how to I change someone's profile - where do I find the profile? I'm running Centos 5.6
~~~~~~~~~
providing you have the password shell set to ksh,
you can put this in his .profile:
cd /opt/load
alias -x cd=: (6 Replies)
Discussion started by: jjj0923
6 Replies
8. UNIX for Dummies Questions & Answers
I am trying to create Oracle user. I will install oracle after that. But my problem is /home/oracle directory is not being created.
bash-3.2# useradd -g oinstall -G dba,oper -d /home/oracle -m oracle
cp: /home/oracle: Operation not applicable
chown: /home/oracle: No such file or directory
... (3 Replies)
Discussion started by: hubatuwang
3 Replies
9. Shell Programming and Scripting
Good Afternoon,
I'm trying userdel -r username on Solaris 9 and getting
UX: userdel: ERROR: unable to find status about home directory: No such file or directory
I see the user's home directory and getent passwd shows the user
Anybody know what's causing it? (2 Replies)
Discussion started by: Stellaman1977
2 Replies
10. Solaris
Hello,
I've just started using a Solaris machine with SunOS 5.10.
After the machine is turned on, I open a Console window and at the prompt, if I execute a pwd command, it tells me I'm at my home directory (someone configured "myuser" as default user after init).
... (2 Replies)
Discussion started by: egyassun
2 Replies
LEARN ABOUT DEBIAN
lshell
lshell(1) General Commands Manual lshell(1) NAME
lshell - Limited Shell SYNOPSIS
lshell [OPTIONS] DESCRIPTION
lshell provides a limited shell configured per user. The configuration is done quite simply using a configuration file. Coupled with ssh's authorized_keys or with /etc/shells and /etc/passwd , it becomes very easy to restrict user's access to a limited set of command. OPTIONS
--config <FILE> Specify config file --log <DIR> Specify the log directory -h, --help Show help message --version Show version CONFIGURATION
You can configure lshell through its configuration file: On Linux -> /etc/lshell.conf On *BSD -> /usr/{pkg,local}/etc/lshell.conf lshell configuration has 4 types of sections: [global] -> lshell system configuration (only 1) [default] -> lshell default user configuration (only 1) [foo] -> UNIX username "foo" specific configuration [grp:bar] -> UNIX groupname "bar" specific configuration Order of priority when loading preferences is the following: 1- User configuration 2- Group configuration 3- Default configuration [global] logpath config path (default is /var/log/lshell/) loglevel 0, 1, 2, 3 or 4 (0: no logs -> 4: logs everything) logfilename - set to syslog in order to log to syslog - set log file name, e.g. %u-%y%m%d (i.e foo-20091009.log): %u -> username %d -> day [1..31] %m -> month [1..12] %y -> year [00..99] %h -> time [00:00..23:59] syslogname in case you are using syslog, set your logname (default: lshell) [default] and/or [username] and/or [grp:groupname] aliases command aliases list (similar to bash's alias directive) allowed a list of the allowed commands or set to 'all' to allow all commands in user's PATH allowed_cmd_path a list of path; all executable files inside these path will be allowed env_path update the environment variable $PATH of the user (optional) env_vars set environment variables (optional) forbidden a list of forbidden characters or commands history_file set the history filename. A wildcard can be used: %u -> username (e.g. '/home/%u/.lhistory') history_size set the maximum size (in lines) of the history file home_path (deprecated) set the home folder of your user. If not specified, the home directory is set to the $HOME environment variable. This variable will be removed in the next version of lshell, please use your system's tools to set a user's home directory. A wildcard can be used: %u -> username (e.g. '/home/%u') intro set the introduction to print at login passwd password of specific user (default is empty) path list of path to restrict the user geographically. It is possible to use wildcards (e.g. '/var/log/ap*'). prompt set the user's prompt format (default: username) %u -> username %h -> hostname prompt_short set sort prompt current directory update - set to 1 or 0 overssh list of command allowed to execute over ssh (e.g. rsync, rdiff- backup, scp, etc.) scp allow or forbid the use of scp connection - set to 1 or 0 scpforce force files sent through scp to a specific directory scp_download set to 0 to forbid scp downloads (default is 1) scp_upload set to 0 to forbid scp uploads (default is 1) sftp allow or forbid the use of sftp connection - set to 1 or 0 sudo_commands a list of the allowed commands that can be used with sudo(8) timer a value in seconds for the session timer strict logging strictness. If set to 1, any unknown command is considered as forbidden, and user's warning counter is decreased. If set to 0, command is considered as unknown, and user is only warned (i.e. *** unknown synthax) warning_counter number of warnings when user enters a forbidden value before getting exited from lshell. Set to -1 to disable the counter, and just warn the user. SHELL BUILTIN COMMANDS
Here is the set of commands that are always available with lshell: clear clears the terminal help, ? print the list of allowed commands history print the commands history lpath lists all allowed and forbidden path lsudo lists all sudo allowed commands EXAMPLES
$ lshell Tries to run lshell using default ${PREFIX}/etc/lshell.conf as configuration file. If it fails a warning is printed and lshell is interrupted. lshell options are loaded from the configuration file $ lshell --config /path/to/myconf.file --log /path/to/mylog.log This will override the default options specified for configuration and/or log file USE CASE
The primary goal of lshell, was to be able to create shell accounts with ssh access and restrict their environment to a couple a needed commands. In this example, User 'foo' and user 'bar' both belong to the 'users' UNIX group: User foo: - must be able to access /usr and /var but not /usr/local - user all command in his PATH but 'su' - has a warning counter set to 5 - has his home path set to '/home/users' User bar: - must be able to access /etc and /usr but not /usr/local - is allowed default commands plus 'ping' minus 'ls' - strictness is set to 1 (meaning he is not allowed to type an unknown command) In this case, my configuration file will look something like this: # CONFIURATION START [global] logpath : /var/log/lshell/ loglevel : 2 [default] allowed : ['ls','pwd'] forbidden : [';', '&', '|'] warning_counter : 2 timer : 0 path : ['/etc', '/usr'] env_path : ':/sbin:/usr/bin/' scp : 1 # or 0 sftp : 1 # or 0 overssh : ['rsync','ls'] aliases : {'ls':'ls --color=auto','ll':'ls -l'} [grp:users] warning_counter : 5 overssh : - ['ls'] [foo] allowed : 'all' - ['su'] path : ['/var', '/usr'] - ['/usr/local'] home_path : '/home/users' [bar] allowed : + ['ping'] - ['ls'] path : - ['/usr/local'] strict : 1 scpforce : '/home/bar/uploads/' # CONFIURATION END NOTES
In order to log a user's warnings into the logging directory (default /var/log/lshell/) , you must firt create the folder (if it doesn't exist yet) and chown it to lshell group: # addgroup --system lshell # mkdir /var/log/lshell # chown :lshell /var/log/lshell # chmod 770 /var/log/lshell then add the user to the lshell group: # usermod -aG lshell user_name In order to set lshell as default shell for a user: On Linux: # chsh -s /usr/bin/lshell user_name On *BSD: # chsh -s /usr/{pkg,local}/bin/lshell user_name AUTHOR
Currently maintained by Ignace Mouzannar (ghantoos) EMAIL
Feel free to send me your recommendations at <ghantoos@ghantoos.org> v0.9.15 March 13, 2012 lshell(1)