How do I limit a user to access just his folder? Suppose I don't want the user to be able to cd anywhere else, isit possible? Do I need to chmod the whole system?
Asked
Active
Viewed 732 times
2
-
If the user does not have permission to see any of the rest of the system, then they also cannot run programs, which might be ... inconvenient! – ams Nov 23 '11 at 12:16
4 Answers
1
If the user is sshing in, then you could set up a chroot jail. Not done it myself, but there are various tutorials that can be found via google
cosmorogers
- 657
1
If it's just for a terminal/ssh login, you may want to follow this tutorial to create a chrooted environment for this user.
Regards
Paulo Arruda
- 775
0
Yes, I think you would have to chmod the whole system. You could create a group for the users to whom you want to allow access, and forbid execution access to everyone else. The user in question would not be in that group.
Why would you want to do that? Maybe there is a simpler way to do what you want.
A better place to ask this would be http://groups.google.com/group/comp.unix.shell
Philip
- 11
0
You could have a look at rbash - basically starting bash with -r restricts what a user can do, but I think it might be a bit too restrictive, ie it doesn't allow you to cd anywhere , not even into subdirs of your homedir.
The problem with implementing something like this is it's usually possible to break out of unless you get really draconian. I just tried rbash, and simply running "bash" in it breaks me out of the restrictions. So you'd have to ensure they can't run any other shell. But then they could upload one, so you'd have to ensure they can't upload anything or mark anything executable. And so on.
Caesium
- 15,807