On Mon, 2004-10-11 at 11:49, James Melin wrote:
> How do you set a user account up so that the ID cannot traverse 'above'
> their assigned home directory? Our developers want me to set up a dozen
> user accounts with access to their application log dir. I wanna set up one,
> and only one, and confine it to the log directory. I know how to set the
> 'home' dir in the user record, I just don't know how to stop them from
> getting out of it.

You can do this with chroot, but then you need a copy of all the appropriate binaries that the user can get to. Basically, in order to have a useful shell login, at least the system public binaries must be available to that user.

I don't see what you hope to gain by confining the user. Files that random users should not be able to view should not be accessible by "other": that is, the low three bits of the file mode should all be "0".

Adam

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
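
Added example, not part of the original message: a shell audit for the permission rule described in the reply. It lists paths whose mode has any of the low three ("other") bits set and then clears those bits. The function names and the demo directory layout are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a directory tree for "other" permission bits (the low three mode bits).
# All names and the demo layout are constructed for this example.

# Print every non-symlink path under $1 with any of o+r, o+w, o+x set.
# Symlinks are skipped because their own mode is always 777 and is ignored.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of offending paths under $1.
count_world_accessible() {
    world_accessible "$1" | wc -l | tr -d ' '
}

# Clear the "other" bits on everything under $1, leaving user and group
# bits untouched so the owning account and its group keep their access.
strip_other() {
    find "$1" ! -type l -exec chmod o-rwx {} +
}

# Demo on a throwaway tree: one directory (755), one world-readable log
# (644) and one log that is already group-only (640).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/applogs"
    : > "$d/applogs/app.log";   chmod 644 "$d/applogs/app.log"
    : > "$d/applogs/debug.log"; chmod 640 "$d/applogs/debug.log"
    chmod 755 "$d/applogs"

    echo "before: $(count_world_accessible "$d/applogs") path(s) open to other"
    world_accessible "$d/applogs"

    strip_other "$d/applogs"
    echo "after:  $(count_world_accessible "$d/applogs") path(s) open to other"

    rm -rf "$d"
}

demo
```

With the "other" bits cleared, access to the log directory is decided by owner and group membership alone.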
