User Directory Ceiling

Status
Not open for further replies.

ggggus

Programmer
Jul 5, 2003
114
I googled a few search terms, but I guess I can't figure out what it's actually called.

I want to limit directory browsing from users on our server that are ssh or ftp'd in. I basically want them to stay within their /home/username/ directory and to be able to read files on the rest of the server...

How do I do this?
I tried chmod 770 /home
and that worked for what I wanted...except it had the unwanted effect of making apache not able to serve pages in the user's directory...so what is the real way to do this?

***************************************
J. Jacobs
 
Home directories are marked 751. As a root user run
Code:
chmod -R -f 755 /home/*
This will address your problem but I do not recommend it at all.
It would be like taking a unix system and turning it into a windoz system.

If I may suggest something instead,
create a new directory to share to all users.

Change the group ownership on that directory to a new, common group, create all users as members of that group, above their normal standard user group.
They will now have access to a common user space and still have full user's home security.
This way you will have full control over what is going on on your server by assigning limited and controlled rights to all users, yet they will still enjoy having a common file sharing area.


Cheers

QatQat


Life is what happens when you are making other plans.
 
I guess I didn't make myself clear...the current configuration is 775... I don't want my users to view other users' files.

If a user ssh's into /home/someuser/
I don't want them to go in any directory higher than that..so they can't go view files from /home/anotheruser/

Is there a way to set the files a specific user can view, or the folders they are allowed into?
My first guess is that it has something to do with the login type...which is currently /bin/sh
Setting it to /dev/null makes them not able to log in...will changing this to the proper setting achieve what I want?

***************************************
J. Jacobs
 
Very difficult IMO to limit ssh access in the way you describe.
This is just an encrypted shell session over a tcp connection after all.

Unlike ftp which was created with the idea of access control based on file system traversal, ssh is a replacement for the old r services (*login and *sh) which did host based filtration (.rhosts, etc) and did not attempt to limit relatively low-level user operations once logged in to a valid shell.

You could look into the restricted shell variations but I've been down this path before and found it to be a slippery slope.
 
Ok, I assumed that ssh and ftp were dealt with in the same way, but I guess not. My question really centers around FTP anyway.

I've got CentOS 4.3 with vsFTPd installed, how do I go about limiting users to their home directories?

***************************************
J. Jacobs
 
I would stay away from giving your users telnet or ssh access unless you really have to. It is best to chroot your ftp users but let them use some ftp commands so they can create and delete sub-directories and perform chmod and other such commands. There are some programs such as webmin which let you administer your servers remotely. It has a usermin module which lets users have whatever priv you let them. For example they can use a telnet/ssh like script but it will restrict them to their own directories. There is also a module called virtualmin which has a lot if not more of the same function found in Cpanel. It may be worth a peek. You can find it at
 
Sorry ggggus, I did not understand your question correctly.

In this case sleipnir is right, you want to look at enabling chroot_local_user

What ftp server are you using?

QatQat

Life is what happens when you are making other plans.
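
The directory modes discussed in this thread (770, 751, 755), as an added example that is not part of any post: a shell script that reports what accounts outside the owner and group (another shell user, or the Apache account) can do with each home directory. The function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: classify the "other" permission bits of each directory
# directly under a base such as /home. Only mode bits are read, so the
# result is the same whether or not the script runs as root.

# Print the three "other" permission characters of a directory, e.g. "--x".
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# Map the "other" bits of one directory to a verdict.
classify_home() {
    bits=$(other_bits "$1")
    case "$bits" in
        r??)     echo "listable" ;;       # others can list file names (755, 775)
        -?x|-?t) echo "traverse-only" ;;  # others can pass through but not list (751, 711)
        *)       echo "closed" ;;         # others cannot enter at all (770, 750, 700)
    esac
}

# Print "name bits verdict" for every real directory under the base.
audit_homes() {
    base=$1
    for d in "$base"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        if [ -L "$d" ]; then continue; fi   # skip symlinks, their own mode is meaningless
        printf '%s %s %s\n' "${d##*/}" "$(other_bits "$d")" "$(classify_home "$d")"
    done
}

# Constructed sample tree (not real accounts) using the modes from the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/alice" "$tmp/bob" "$tmp/carol"
    chmod 755 "$tmp/alice"   # other users can browse the directory
    chmod 751 "$tmp/bob"     # Apache can reach a known path, nobody else can list
    chmod 770 "$tmp/carol"   # Apache is locked out unless it is in the group
    audit_homes "$tmp"
    rm -rf "$tmp"
}
demo
```

A "traverse-only" directory hides file names, but a world-readable file inside it can still be opened by anyone who knows its path, so file modes matter as well.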
 