aru Posted January 15, 2003 Report Share Posted January 15, 2003 mandrake90 Newbie Joined: 27 Oct 2002 Posts: 3 Post Posted: Sun Oct 27, 2002 8:58 pm Post subject: Restricting users to their own directory !!?? _________________________________________________________________ Is there an easy method of restricting a user to their own default directory? I was given the following site as a reference, but cannot seem to make sense out of it!! http://www.sunmanagers.org/pipermail/summa...rch/000337.html Can permissions control a user, including cd'ing all over the server ? I have read many posts on it with some answers as, 'doesn't matter if permissions set right'!!?? In my case seeing the name of some files is just to much information to give out to the nosy guest... Box the user in their directory ?? So easy to say ... :? Glitz Senior user Joined: 02 May 2002 Posts: 507 Location: The Great White North Post Posted: Tue Oct 29, 2002 6:06 am Post subject: _________________________________________________________________ If you change the permissions for a directory created by root in group root to rwxr-x--- then anyone not in group root will not be able to even change to that directory (take away read access). Glitz. PS. You have to make sure though that they have access to any directories were they have to run programs from. theYinYeti Senior user Joined: 13 May 2002 Posts: 452 Location: Cannes (France) Post Posted: Wed Oct 30, 2002 9:21 am Post subject: _________________________________________________________________ If you want to make something like this, you're going to have lots of trouble, because executables are in /bin, /usr/bin..., needed libraries are in /usr/lib, /usr/X11/lib... configurations files are in /etc; well, basically, if users have access to the filesystem, it is because they have to. Anyway, here are some basics: The rights of a directory are (u=user, g=group, o=other, r=read, w=write, x=cross) ur uw ux gr gw gx or ow ox We'll assume that it's o we want to control. To make a directory unwritable, execute as root Code: chmod o-w /a/path/ To make a directory unusable, execute as root Code: chmod o-rw /a/path/ To make a directory uncrossable, execute as root Code: chmod o-x /a/path/ Replace - with + for the reverse operation. For example, if you want your users to have access to /usr/lib, and /usr/bin, but not to /usr, and also to completely ban access to /root, you do this: Code: chmod o-rw,o+x /usr chmod o-w,o+rx /usr/bin chmod o-w,o+rx /usr/lib chmod o-rwx /root Another solution could be to isolate your users in a fake and safe environment. See here: http://www.linuxorbit.com/modules.php?op=m...tpage&artid=538 http://www.gsyc.inf.uc3m.es/~assman/jail/index.html Yves. Editor's note: This thread was originally posted at the old MUB (Mandrake User Board at club-nihil). This post is the result of a 99% automatic backup, so due to its nature some text may be lost (improbable but possible). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.