how do U restrict a user to a single directory?


 
# 1  
Old 08-21-2008

specifically - I don't need to restrict a user to a single directory - but I want them to be "ROOTED" to their home directory.

so if my home directory is /home/onlyme

when I login - if I do a pwd - I want to see:
/

but in real life I will be in /home/onlyme - it just appears as root to me.

I don't care if I can make dir's under this... I just don't want users to even SEE what's above their home dir...

I think there used to be a way in SysV unix to do this in the passwd file... but I don't remember how.

chroot is NOT a solution - it confines the user to a jail - but they have full [visual] access to the jail.

FWIW - I'm using debian linux.
TIA
# 2  
Old 08-21-2008
I'm not familiar with the type of obscure trick you're implying.

However, I could give you some advice on how to do something similar. Bash has a mode in which users shall not exit their home dir (RESTRICTED MODE). This mode can be activated by calling bash with another name (rbash -- which is simply a symlink to bash) or doing `bash -r`. Although these restrictions work fine under normal usage, they are only a barrier to dummy users because any programmer could bypass them all.

Alternatively you could try more reliable methods such as virtualization (f.e. xen).
# 3  
Old 08-22-2008
red-

TX much for your reply...

I am actually familiar with rbash.
The problem with the restricted shell is this - even if the user can't 'cd' out of it - they still can ls /home.

what I'm after here, is to not only protect the data of other users, but their identity as well. I don't want users to know who other users are, or even how many other users there are...

Re: virtualization - I'm not sure how that would help; unless I setup a VM for each user ;-) FWIW: this system is already a VM under vmware-server (free ver.)

TIA for any other ideas/comments
# 4  
Old 08-22-2008
Do you want chroot? The only problem with that is you have to create a link in each /home/username to /usr and maybe /opt, etc. so they can run scripts or apps.

try this for some background on chroot jail-
http://www.unixwiz.net/techtips/chroot-practices.html

# 5  
Old 08-22-2008
@itobenon: If you don't want them to ls /home, just change permissions: `chmod 711 /home`. About /etc/passwd is harder because many programs rely on reading its contents (ACL implementation would be advised).

Yes, I was talking about virtualization per user.

Anyway, why not try selinux? RSBAC? grsecurity? I think you're looking for MAC/ACL implementations (they're hard to maintain but provide ultimate security)
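
Added example (not part of the original post): a small audit of the `chmod 711 /home` suggestion above, which reports from the mode bits whether "other" users can list a directory or only traverse it. The function names and the sample tree with users `alice` and `bob` are constructed for illustration; `stat -c` assumes GNU coreutils, as on Debian.

```shell
#!/bin/sh
# Decisions use mode bits only, so results are the same when run as root.

# other_perms DIR -> prints the "other" permission digit (0-7) of DIR
other_perms() {
    mode=$(stat -c '%a' "$1") || return 1
    echo "${mode#"${mode%?}"}"          # last octal digit = "other" class
}

# classify DIR -> listable (others have r), traverse-only (x only), closed
classify() {
    o=$(other_perms "$1") || return 1
    if [ $(( $o & 4 )) -ne 0 ]; then echo listable
    elif [ $(( $o & 1 )) -ne 0 ]; then echo traverse-only
    else echo closed
    fi
}

# audit_homes PARENT -> one line for PARENT and one per home directory
audit_homes() {
    echo "$1: $(classify "$1")"
    for d in "$1"/*/; do
        [ -d "$d" ] || continue         # glob did not expand: nothing visible
        d=${d%/}
        echo "$d: $(classify "$d")"
    done
}

# Constructed sample tree standing in for /home (never touches the real one)
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/alice" "$root/home/bob"
    chmod 755 "$root/home" "$root/home/alice"
    chmod 700 "$root/home/bob"
    echo "$root"
}

tree=$(make_sample_tree)
echo "before:";          audit_homes "$tree/home"
chmod 711 "$tree/home"   # the change suggested in the post
echo "after chmod 711:"; audit_homes "$tree/home"
rm -rf "$tree"
```

After the change the parent is traverse-only: names can no longer be enumerated with `ls`, but a home directory left at 755 (`alice` here) is still readable by anyone who already knows or guesses its name, so each home needs its own restrictive mode as well.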
# 6  
Old 08-23-2008
I don't understand why chroot is not acceptable. As far as I can tell, it fulfills your requirements.
# 7  
Old 08-24-2008
I too would like to know why chroot will not work.
 