Hi Tito,
I tried your suggestion but it isn't working.
You see, I'm trying to restrict a user to go to other directories such as
the /etc. But when I add a user with same group and adding a / to his home
dir in /etc/passwd, it doesn't prevent him to cd /etc.
Hope there's another way.
Guys, please help.
Thanks.
Regards,
Iris Lames
Brainbench Transcript no: 4387542
Linux user: 298456
Tito Mari Francis Escaño writes:
Good day!
Regarding your concerns, I suggest you first check what group this
user belongs to in the first place.
I suggest you create a group with same name as his username. This
usually defaults to a restricted group and user. Then, edit
/etc/passwd to define his home directory. I suggest you end the
definition of his home directory with a slash (/).
Hope this helps.
On 12/24/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Anyone can tell me how to chroot a user so that he is permitted to go around
only to his account and restricted all other folders?
>Orlando Andico wrote:
>> but to what point? the users still need access to the other directories
>> for e.g. their common daily jobs (e.g. starting the most basic of
>> processes requires reading /etc/ld.so.cache)
>>
>Remember, it's the shell doing this restricting. Other processes inside
>the path can still read these files. *It doesn't do a real chroot.* No
>restrictions are provided to any processes explicitly, so an admin would
>also need to be very careful not to provide commands in a user's path
>that can allow them to circumvent these restrictions.
>> IOW, you've removed their capability to "cd" to those directories, but
>> they can STILL access the contents of those directories by giving the
>> absolute path. so what is gained by inconveniencing them?
>>
>According to the bash man page, the following is further prohibited: the
>specification of any command that contains a slash. They can't access
>the contents of those directories unless a command they have in their
>path explicitly uses them. The shell will prevent them from doing, say
>cat /etc/passwd because the command line contains slashes, but it would
>not prevent a program that read some file in /etc as part of its
>operation, as what programs do on their own are outside the shell's
>control.
>--
>While there is a lower class, I am in it, while there is a criminal element,
>I am of it, and while there is a soul in prison, I am not free.
>http://stormwyrm.blogspot.com/
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
Regards,
Iris Lames
Brainbench Transcript no: 4387542
Linux user: 298456
--
Tito Mari Francis H. Escaño
Computer Engineer and Free Software Proponent
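
To see which of the restrictions discussed in this thread come from the shell itself, the following added example (not part of any message in the thread) probes bash's restricted mode. It assumes bash and mktemp are installed; the function and variable names are made up for illustration.

```shell
#!/bin/sh
# Added example: probe what bash's restricted mode (bash -r, i.e. rbash)
# refuses. Assumes bash and mktemp are installed; names are illustrative.

# Run one command line in a restricted bash; report "blocked" or "allowed".
rbash_probe() {
    if bash -r -c "$1" >/dev/null 2>&1; then
        echo allowed
    else
        echo blocked
    fi
}

# Constructed sample file standing in for a file outside the user's home.
SAMPLE=$(mktemp)
echo "constructed sample data" > "$SAMPLE"
trap 'rm -f "$SAMPLE"' EXIT

CAT_PATH=$(command -v cat)   # absolute path of cat, e.g. /usr/bin/cat

report() {
    printf '%-34s %s\n' "$1" "$(rbash_probe "$2")"
}

report "cd to another directory"         "cd /"
report "command name containing a slash" "$CAT_PATH $SAMPLE"
report "reassigning PATH"                "PATH=/bin"
# The restriction applies to the command name, not to its arguments: a
# command found through PATH can still open any file that the file
# permissions let this user read.
report "slash only in an argument"       "cat $SAMPLE"
```

Because the shell only filters what is typed at the prompt, what a restricted account can read is decided by the commands placed in its PATH and by ordinary file permissions.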