I thought about that but they wanna be able to less and tail the file. A lot of this is because I am about to go to PAM authentication and don't want to add a bunch of short-lived local users, or I'd simply add all of the developers to a group and go that way. I just don't want to, and my boss is going 'generic ID? No accountability! Restrict what they can do'.
I originally had looked at this: http://www.netsoc.ucd.ie/flash but I didn't get it to make/make install properly. Basically I'm dancing because I've been told to dance. I tried using /usr/bin/rbash as the default shell. Works if you su to a user with that, but not if you ssh, so the rbash thing isn't gonna do it either.


From: Doug Carroll <william_d_carrol [EMAIL PROTECTED]>
Sent by: Linux on 390 Port <[EMAIL PROTECTED] IST.EDU>
To: [EMAIL PROTECTED]
Date: 10/12/2004 01:34 AM
Subject: Re: Confining a user to the home directory specified in the user record
Please respond to Linux on 390 Port <[EMAIL PROTECTED] IST.EDU>

If it's just to view logs, how about a restricted FTP account that can only access your log dir?

Just a thought.

William 'Doug' Carroll
Mainframe Systems Engineer II
Global Technology Infrastructure
(614) 213-4954 Office
(877) 899-1697 Pager
(614) 244-9897 Fax
http://www.bankone.com


From: James Melin <[EMAIL PROTECTED] epin.mn.us>
Sent by: Linux on 390 Port <[EMAIL PROTECTED] ST.EDU>
To: [EMAIL PROTECTED]
cc: (bcc: William D Carroll/OH/ONE)
Date: 10/11/2004 01:45 PM
Subject: Re: Confining a user to the home directory specified in the user record
Please respond to Linux on 390 Port

Looks like rbash or bash -r will do the job nicely.


From: David Boyes <[EMAIL PROTECTED] e.net>
Sent by: Linux on 390 Port <[EMAIL PROTECTED] IST.EDU>
To: [EMAIL PROTECTED]
Date: 10/11/2004 12:28 PM
Subject: Re: Confining a user to the home directory specified in the user record
Please respond to Linux on 390 Port <[EMAIL PROTECTED] IST.EDU>

> On Mon, 2004-10-11 at 11:49, James Melin wrote:
> > How do you set a user account up so that the ID cannot traverse 'above'
> > their assigned home directory? Our developers want me to set up a dozen
> > user accounts with access to their application log dir. I wanna set up one,
> > and only one, and confine it to the log directory. I know how to set the
> > 'home' dir in the user record, I just don't know how to stop them from
> > getting out of it

You may also want to look up the "restricted" shell -- it's designed for "padded cell" things like that. You have to specifically list any and all files that can be accessed from the id, but it sounds like that might be doable for this application.

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
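
The restricted-shell "padded cell" suggested in the thread, sketched as an added example that is not part of the original messages: it builds a home directory in which a restricted bash can reach only tail and less, then probes what such a session can do. The function names build_cell and probe, the tool list and the directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a restricted-shell "padded cell" for one log-viewing account.

# build_cell DIR: DIR is the account's home (here, the log directory).
build_cell() {
    cell=$1
    mkdir -p "$cell/bin" && chmod u+w "$cell/bin" || return 1
    rm -f "$cell/.bash_profile"
    # Whitelist of commands. rbash rejects any command name containing '/',
    # so only what is linked into this directory can be run.
    for tool in tail less; do
        target=$(command -v "$tool") || continue   # not installed: skip
        ln -sf "$target" "$cell/bin/$tool"
    done
    # Startup files are read before the restrictions switch on, so PATH is
    # fixed here. LESSSECURE=1 turns off less's shell escape (!), editor (v)
    # and pipe commands, any of which would step outside the cell.
    cat > "$cell/.bash_profile" <<EOF
PATH="$cell/bin"
LESSSECURE=1
export PATH LESSSECURE
readonly LESSSECURE
EOF
    # In a real deployment these belong to root, so the account cannot
    # replace them through some other channel (sftp, scp).
    chmod 555 "$cell/bin"
    chmod 444 "$cell/.bash_profile"
}

# probe DIR 'command line': run it as a restricted login shell homed in DIR
# and return its exit status, to check what the account can and cannot do.
probe() {
    cell=$1
    ( cd "$cell" && env -i HOME="$cell" \
        "$(command -v bash)" -r -l -c "$2" ) >/dev/null 2>&1
}
```

The profile is read only by login shells; sessions started another way need the same PATH and LESSSECURE set for them before the cell holds.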
