Does anyone know how to limit a user's ability to navigate the file system? I know that FTP automatically creates a false root so that an anonymous FTP connection cannot get below that directory. I would like to be able to allow certain users a login and rights to their home directory ONLY!! I have set very restrictive rights, only to get numerous errors upon login. Even with these restrictive permissions the user can look around if they know UN*X filesystems.

Any help would be appreciated.

mc

-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
How fortuitous that I have only recently completed reading O'Reilly's lovely book "Learning the Bash Shell". Bash, and perhaps tcsh also, has a restricted mode that it can be run in. If it is run as 'rbash' or with the parameter -r it will prevent a user from many actions, including modifying certain variables such as the PATH, changing the current directory, using the shell's 'exec' command and other such things. Thus you can supply users with a set of programs you consider safe as well as space to store documents and configuration files.

Try 'man bash' and search for RESTRICTED SHELL.

Please note that this should not be considered completely secure. However, it will probably stop all but the most wily troublemakers.

-josh
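The restricted mode described in the reply above, as an added example that is not part of the original thread: it builds a throwaway sandbox and checks which actions `bash -r` refuses. The temp directory layout, the choice of `ls` and `cat` as the "safe" programs, and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: throwaway restricted-bash sandbox built under a temp directory.
BASH_BIN=$(command -v bash)

# Build $JAIL/bin holding only the programs considered safe (assumed: ls, cat).
setup_jail() {
    JAIL=$(mktemp -d) || return 1
    mkdir -p "$JAIL/bin" "$JAIL/home"
    for prog in ls cat; do
        ln -s "$(command -v "$prog")" "$JAIL/bin/$prog" || return 1
    done
    echo "constructed sample file" > "$JAIL/home/notes.txt"
}

# Run one command line in restricted bash with PATH limited to $JAIL/bin.
# env -i drops inherited variables such as BASH_ENV; --noprofile/--norc skip
# startup files, which bash reads before the restrictions are applied.
run_restricted() {
    ( cd "$JAIL/home" &&
      env -i HOME="$JAIL/home" PATH="$JAIL/bin" \
          "$BASH_BIN" --noprofile --norc -r -c "$1" ) >/dev/null 2>&1
}

# Succeeds only if the permitted programs work and every restricted action fails.
check_jail() {
    run_restricted 'ls && cat notes.txt' || { echo "allowed command failed"; return 1; }
    for attempt in 'cd /' 'PATH=/bin:/usr/bin' '/bin/ls' 'exec ls' \
                   'echo x > out.txt' 'id'; do
        if run_restricted "$attempt"; then
            echo "NOT blocked: $attempt"
            return 1
        fi
    done
    echo "all restrictions held"
}

setup_jail && check_jail
[ -n "$JAIL" ] && rm -rf "$JAIL"
```

Restricted mode constrains only bash itself, so every program placed in the allowed directory needs the same scrutiny as the shell settings.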
Michael,

The problem with what you want to do is that for 750f users it is fine. However, for the rest it won't matter what you do, 'cause they can always bust through any "internal firewall" for your filesystem you have set up. I can "attain" root on ANY system I have access to. I may not get it right away, but eventually I find a hole which allows me to slip in. So you see, it doesn't make much sense. If anything, I'd work on beefing up security and adding multiple system logs, if you are that insecure about your users.

Aaron

Michael Clark wrote:
Does anyone know how to limit a user's ability to navigate the file system? I know that FTP automatically creates a false root so that an anonymous FTP connection cannot get below that directory. I would like to be able to allow certain users a login and rights to their home directory ONLY!! I have set very restrictive rights, only to get numerous errors upon login. Even with these restrictive permissions the user can look around if they know UN*X filesystems.
Any help would be appreciated.
mc
Michael Clark wrote:
... errors upon login. Even with these restrictive permissions the user can look around if they know UN*X filesystems. ...

See "man chroot".

Regards,
Matthias
participants (4)
- aaronjw@netcom.ca
- jrodman@skaro.nightcrawler.com
- mclark@datsrvr.datsit.com
- morche@sat1.de