how do you restrict a user's access to just one directory?

how do you restrict a user's access to just one directory?

Post by dwaynek.. » Sat, 03 Jun 2000 04:00:00



hi

say i have a user at /home/userabc...

now how do i setup permissions so that userabc cannot cd out of his
directory??

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

how do you restrict a user's access to just one directory?

Post by Mens R » Sat, 03 Jun 2000 04:00:00


One user, or all users?
And if i don't get back to you, which I probably won't since I never
check my postings after I post, associate this person to a group then
limit the group permissions.

Mens Rea
--To the fearless mind; to the inviolate truth...--
coyote.accessnv.com/mensrea


>hi

>say i have a user at /home/userabc...

>now how do i setup permissions so that userabc cannot cd out of his
>directory??

>Sent via Deja.com http://www.deja.com/
>Before you buy.


 
 
 

how do you restrict a user's access to just one directory?

Post by Remove NO_SPAM to rep » Sun, 04 Jun 2000 04:00:00




>>say i have a user at /home/userabc...

>>now how do i setup permissions so that userabc cannot cd out of his
>>directory??

> One user, or all users?
> And if i don't get back to you, which I probably won't since I never
> check my postings after I post, associate this person to a group then
> limit the group permissions.

Umm, no!  That wouldn't stop them from cd-ing anywhere.  There isn't
much you'd be able to do to stop them from doing a cat etc/passwd or
anything else.

The "correct" way is to set them up in a restricted shell.  Give them a
shell in /etc/passwd of rksh.  Do a man ksh and go to the section on
restricted shells to see how this works.

I recently set up a guest account that can do *nothing* but telnet by
using this method.  Yes, I mean nothing!  As in:

$ ls
ls: Command not found.
$ cat /etc/passwd
cat: Command not found.

Damian Menscher
--


--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

 
 
 

how do you restrict a user's access to just one directory?

Post by Colin McKinnon - No Spam pleas » Mon, 05 Jun 2000 04:00:00




Quote:> The "correct" way is to set them up in a restricted shell.  Give them a
> shell in /etc/passwd of rksh.  Do a man ksh and go to the section on
> restricted shells to see how this works.

> I recently set up a guest account that can do *nothing* but telnet by
> using this method.  Yes, I mean nothing!  As in:

> $ ls
> ls: Command not found.
> $ cat /etc/passwd
> cat: Command not found.

or run their shell chroot'ed.
---

Colin

 
 
 

how do you restrict a user's access to just one directory?

Post by Gordon.Haverl.. » Tue, 06 Jun 2000 04:00:00



>hi

>say i have a user at /home/userabc...

>now how do i setup permissions so that userabc cannot cd out of his
>directory??

As I understand things, the ability for others to CD into some owners
directories is controlled by the owner.  So, if one of your users (say
userdef) is friendly with userabc, they can set things up so that
userabc can cd into any director owned by userdef.

So, while you as an administrator can put this person into a special
group, and can not add this person to other groups, there is not much
you can do (normally) to restrict the movement of this person.  If
someone has world/other permissions on directories set to rwx, userabc
will be able to cd into that directory.

In the context of unusual (abnormal?) things, you can have this person
chroot()ed into some "jail" when they log in.  To them, it will look
like they have the whole machine to themselves.

Gord

 
 
 

how do you restrict a user's access to just one directory?

Post by José M. del Rí » Wed, 07 Jun 2000 04:00:00


At HP-UX there is the restrcited Korn shell (rksh), which
does not allow to issue the 'cd' command.