sentinal n00b
Joined: 12 Jun 2002 Posts: 5
Posted: Wed Jun 12, 2002 3:50 pm Post subject: Make a User who can't leave his home-dir

Hello,
I want to create a user who can't leave his homedir and search my server. He should be able to use editors like nano or start other things.
What must I do so that he can't go a level higher?
Xaanin n00b
Joined: 09 Jun 2002 Posts: 26 Location: Stockholm, Sweden
Posted: Wed Jun 12, 2002 10:24 pm Post subject:

The first question that pops up is: Why would you give this user an account in the first place? If you don't feel you can trust him enough to give him an account that can browse the whole system, I don't see the point.
Now, on to your question: a chroot jail would probably do what you want. Though they can be broken out of, it's the only solution I can think of. man chroot and a Google search should give you something to start with.
lx Veteran
Joined: 28 May 2002 Posts: 1012 Location: Netherlands
Posted: Wed Jun 12, 2002 11:12 pm Post subject:

Check your /root directory: it doesn't have world access (no rwx). chmod o-rwx <dir / filename>; this way only the user and group can access the directory.
So you could do this for your whole system; a chroot environment is probably easier.
Cya lX.
_________________
"Remember there's a big difference between kneeling down and bending over.", Frank Zappa
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Thu Jun 13, 2002 1:12 am Post subject:

lx wrote: So you could do this for your whole system
OK, but if you do this on /usr/bin and /bin, you're going to be in for a nasty surprise when that user account can no longer log in to his shell...
--kurt
_________________
The problem with political jokes is that they get elected
noldar Guest
Posted: Thu Jun 13, 2002 12:03 pm Post subject:

Maybe rsh (or krsh, bash -r) will do the trick. rsh = restricted shell, not to be confused with remote shell.
Calling one of those shells restricted will disable the "cd" command, next to other stuff. That of course does mean that they also won't be able to cd into subdirectories of his/her homedir.
The user will only be able to start programs in his/her path (and is not able to change the PATH variable). Usually, $PATH would be something like /usr/rbin, where all those programs would be installed (linked?).
Otherwise, there is a chroot shell:
http://www.aarongifford.com/computers/chrsh.html
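
Added example (not part of any post in this thread): a probe script that shows which command lines a restricted bash (bash -r) accepts when PATH holds only a directory of linked programs, as the post above describes. The temporary "rbin" directory stands in for /usr/rbin, and the function names and probe list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: probe what a restricted bash (bash -r) refuses.
# The throwaway "rbin" directory and all function names are hypothetical.

BASH_BIN=$(command -v bash)

# Create a temp directory holding links to the only programs the user may run.
make_rbin() {
    dir=$(mktemp -d) || return 1
    for prog in "$@"; do
        ln -s "$(command -v "$prog")" "$dir/$prog" || return 1
    done
    printf '%s\n' "$dir"
}

# Run one command line under bash -r with an empty environment whose PATH
# is only the rbin directory. Exit status 0 means the command was allowed.
run_restricted() {
    ( cd "$1" && env -i PATH="$1" "$BASH_BIN" --noprofile --norc -r -c "$2" ) \
        >/dev/null 2>&1
}

# Print "allowed" or "refused" for one command line.
verdict() {
    if run_restricted "$1" "$2"; then echo allowed; else echo refused; fi
}

# Constructed probe list: one permitted program, then things rbash should block.
report() {
    rbin=$(make_rbin ls) || return 1
    for probe in 'ls' 'cd /' 'PATH=/bin:/usr/bin' '/bin/ls' 'id' 'ls > out.txt'; do
        printf '%-20s %s\n' "$probe" "$(verdict "$rbin" "$probe")"
    done
    rm -rf "$rbin"
}

report
```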