Re: [S.u.S.E. Linux] permissions
![](https://seccdn.libravatar.org/avatar/8a4b00a790e6b2fa895fd05409623eb9.jpg?s=120&d=mm&r=g)
You can make them use a _restricted_ shell (rbash instead of bash) - take a
look at "man bash", in "RESTRICTED SHELL" : the users are set chroot, so
they can't get "higher" than they're home, but you have to provide a /bin,
etc... for every single one of these users !
Pascal
-----Original Message-----
From: Michael Clark
Does anyone know how to limit a user's ability to navigate the file system.
I know that
FTP automatically creates a false root so that an anonymous FTP connection cannot get below that directory. I would like to be able to allow certain users a login and rights to their home directory ONLY!! I have set very restrictive rights, only to get numerous errors upon login. Even with these restrictive permissions the user can look around if they know UN*X filesystems.
Any help would be appreciated.
mc
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
![](https://seccdn.libravatar.org/avatar/be57f3b805fac8f81a214dd74cb790e1.jpg?s=120&d=mm&r=g)
I have looked at the documentation for RBASH, and it looks like exactly what I need. The only problem is, I don't have RBASH on my system. If I start a bash shell, then type 'bash -r' I get the restricted shell. How do I create/find RBASH???? I have tried aliases and links to no avail. thanks mc Pascal Bleser wrote:
You can make them use a _restricted_ shell (rbash instead of bash) - take a look at "man bash", in "RESTRICTED SHELL" : the users are set chroot, so they can't get "higher" than they're home, but you have to provide a /bin, etc... for every single one of these users !
Pascal
-----Original Message----- From: Michael Clark
To: suse-linux-e@suse.com Date: samedi 18 avril 1998 02:04 Subject: [S.u.S.E. Linux] permissions Does anyone know how to limit a user's ability to navigate the file system.
I know that
FTP automatically creates a false root so that an anonymous FTP connection cannot get below that directory. I would like to be able to allow certain users a login and rights to their home directory ONLY!! I have set very restrictive rights, only to get numerous errors upon login. Even with these restrictive permissions the user can look around if they know UN*X filesystems.
Any help would be appreciated.
mc
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
![](https://seccdn.libravatar.org/avatar/1327b4743318d1fcbf2b6141fb8f64f7.jpg?s=120&d=mm&r=g)
I have looked at the documentation for RBASH, and it looks like exactly what I need. The only problem is, I don't have RBASH on my system. If I start a bash shell, then type 'bash -r' I get the restricted shell. How do I create/find RBASH???? I have tried aliases and links to no avail.
This really depends upon how bash is built/what version of bash, but the version SuSE ships with supports the sensible way to do it, links. Simply make a symbolic link - rbash - that points at bash: u <enter root password> cd /bin ln -s bash rbash exit add it to the file /etc/shells.in u <enter root pwd> echo "/bin/rbash" >>/etc/shells.in exit configure your users to the shell /bin/rbash using YaST, and you're set. -josh
Pascal Bleser wrote:
You can make them use a _restricted_ shell (rbash instead of bash) - take a look at "man bash", in "RESTRICTED SHELL" : the users are set chroot, so they can't get "higher" than they're home, but you have to provide a /bin, etc... for every single one of these users !
Pascal
-----Original Message----- From: Michael Clark
To: suse-linux-e@suse.com Date: samedi 18 avril 1998 02:04 Subject: [S.u.S.E. Linux] permissions Does anyone know how to limit a user's ability to navigate the file system.
I know that
FTP automatically creates a false root so that an anonymous FTP connection cannot get below that directory. I would like to be able to allow certain users a login and rights to their home directory ONLY!! I have set very restrictive rights, only to get numerous errors upon login. Even with these restrictive permissions the user can look around if they know UN*X filesystems.
Any help would be appreciated.
mc
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
![](https://seccdn.libravatar.org/avatar/725264b296250be2718d9b81edc82654.jpg?s=120&d=mm&r=g)
Michael Clark wrote:
I have looked at the documentation for RBASH, and it looks like exactly what I need. The only problem is, I don't have RBASH on my system. If I start a bash shell, then type 'bash -r' I get the restricted shell. How do I create/find RBASH???? I have tried aliases and links to no avail.
Linux: the greatest adventure game since the invention of the PC <<< -- To get out of this list, please send email to majordomo@suse.com with
... cd /bin ln -s bash rbash 8-) -- Matthias Morche (<A HREF="mailto:morche@sat1.de">mailto:morche@sat1.de</A>) SAT.1 (<A HREF="http://www.sat1.de"><A HREF="http://www.sat1.de</A">http://www.sat1.de) this text in its body: unsubscribe suse-linux-e
participants (4)
-
jrodman@skaro.nightcrawler.com
-
mclark@datsrvr.datsit.com
-
morche@sat1.de
-
pbleser@prov-liege.be