Jailing a user in their home directory after logging in.

Status
Not open for further replies.

stla

IS-IT--Management
Mar 12, 2003
190
DE
(Elementary user)

The user 'foo' has a home directory of /opt/foo and a shell of /bin/bash.

Once foo logs in, however, they can cd to '/'.

Is there a way to jail the user so that they can only access their home directory, thus preventing them from navigating elsewhere?

Best regards

 
hi,
if you mean to manage their home dir as in ftp,
that is, when the user gives pwd they see /,
this is not possible: they would not be able to run any program such as
ls, cd, cat, vi, ...
You have to customize your user/data directories,
giving the right permissions (avoid touching /usr/... /var/... or some applications may not work).

bye
vic
 
man chroot

Some days are diamonds, some days are rocks - make sure most are the former.
 
what ken says. you can create a chrooted environment for the user. google has lots of info on this.
 
Chroot creates a chrooted environment for a program to run in, not for a user.

Jailing users is way more complicated if you need full filesystem replicated in the user's jail.

QaTQat

--------------------------------------
If I could have sex each time I reboot my server, I would definitely prefer Windoz over Linux!
 
Thanks everyone for all your responses and help.

One idea that came from RH directly was to use 'rbash' as foo's shell.

This indeed locked them in their home directory; however, it won't let them execute a specific binary, as slashes are not allowed in the command name:

./foos_binary

Placing the binary in a subfolder of foo's home didn't work either.

Does anyone know if an rbash user can at all execute non shell binaries?

Best regards

 
You just need to set up the PATH correctly for them so that it includes any directory where binaries they need to run are located; you can do this in their .bashrc or .bash_profile as they cannot alter their PATH once the shell has entered restricted mode. See the RESTRICTED SHELL section of the man bash page for details.

Annihilannic.
 
Note that the restricted mode prevents them from using cd, however it doesn't prevent them from doing, say, ls -l /, so it may not achieve what you desire.

Annihilannic.
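
Added example (not part of the thread): the restricted-shell setup described in the two posts above, built in a scratch directory so it can be tried without root or a real account. The directory layout, the stand-in foos_binary script and the helper function names are assumptions made for illustration; on a real system foo's login shell would be set to rbash.

```shell
#!/bin/sh
# Added example, not from the thread. foos_binary here is a constructed stand-in.

# build_rbash_home DIR: lay DIR out as foo's home with a PATH fixed at login.
build_rbash_home() {
    mkdir -p "$1/bin" || return 1
    # Only commands placed (or symlinked) in DIR/bin will be reachable by name.
    printf '#!/bin/sh\necho "foos_binary ran"\n' > "$1/bin/foos_binary"
    chmod 755 "$1/bin/foos_binary"
    # bash reads this file before restricted mode switches on, so PATH can be
    # set here; afterwards PATH is read-only for the user.
    printf 'PATH="%s/bin"\nexport PATH\n' "$1" > "$1/.bash_profile"
    # On a real account, make the home directory and this file root-owned and
    # not writable by foo; otherwise the file can simply be replaced.
    chmod 444 "$1/.bash_profile"
}

# run_restricted DIR CMD: run CMD in a restricted login shell whose HOME is DIR.
# Returns CMD's exit status; output is discarded.
run_restricted() {
    ( cd "$1" && env -i HOME="$1" "$(command -v bash)" \
        --login --restricted -c "$2" ) >/dev/null 2>&1
}

# Demo in a scratch directory (no root needed, no real account touched).
demo=$(mktemp -d)
build_rbash_home "$demo"
for c in 'foos_binary' './bin/foos_binary' 'cd /' 'PATH=/bin:/usr/bin' 'test -d /etc'
do
    if run_restricted "$demo" "$c"; then echo "allowed: $c"; else echo "blocked: $c"; fi
done
rm -rf "$demo"
```

The last check is allowed because shell builtins can still inspect paths outside the home directory, which is the limitation pointed out in the second post.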
 
i still say just chroot the user's shell. qatqat makes a good point that it could be complicated depending on what you need to provide the user, but building a basic chroot for them is not all that difficult (well documented via google), and a user is a process.. what is a shell if not a process?

the only time we had something like this we created a very simple shell script menu/prompting system to do just what the user needed and trapped everything else to keep them from breaking free... made that their login shell and away they went. might've been a few other factors to consider with that path but it's been so many years now i can't recall.
 