[Wolves] Re: Restricting Users

Simon Burke simon.burke at gmail.com
Sun Dec 12 11:36:07 GMT 2004


On Sun, 12 Dec 2004 11:16:00 +0000, Simon Burke <simon.burke at gmail.com> wrote:
> On Sun, 12 Dec 2004 11:02:34 +0000, Simon Burke <simon.burke at gmail.com> wrote:
> 
> 
> > Bit of a weird question.
> >
> > I'm messing around a bit with my linux machine and (ubuntu, also the
> > mrs' machine)
> > Anyway does anyone know if it is possible to restrict users, as far as
> > not permitting them to leave their /home/$USER dir. (ie they can
> > navigate around the directories in their home directory but not go
> > above their /home/$USER directory.)
> >
> > I mean they can go
> > /home/$USER/, /home/$USER/foo etc.
> >
> > but they can't go /home, /etc, /usr et al.
> >
> > Also is it possible to restrict the commands they can use, like stop
> > them from using df (as an example)
> > --
> > Theres no place like ::1
> >
> > Thanks,
> > SimonB
> > 
> Ok I'll do a bit of explaining. This is so I can sftp to my machine
> and if someone gets my pwd and username they can't do damage.
> AFAIK for the directory issue I would have to chroot sftp sessions.
> Which I'm looking for a how-to at the moment as I'd want it chrooted
> to a non-root user. The man page for chroot is still a bit cryptic to
> me so I'm looking for a how-to at the moment.
> 
> The command restriction in this situation is primarily for ssh also,
> is it possible to allow sftp sessions but not ssh ones??
> 
> 
Ok, I figured it all out, the command bit isn't that hard, it's just a
case of not copying over the relevant commands to /home$USER/bin/ and
making sure that the copied commands are not suid. Ok that was a waste
of time answering my own query but one thing still remains, breaking
out of chroot. Is it possible to stop this?


-- 
Theres no place like ::1

Thanks,
SimonB
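
A check for the condition named in the message above (no suid copies of commands inside the jail), as an added example that is not part of the original post. It goes beyond the message by also flagging device nodes and a jail root that is writable by group/other or not owned by root; the function name `audit_jail` and the output tags are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a chroot jail directory before letting users into it.
# Prints one tagged finding per line; prints nothing for a clean jail.
# audit_jail and the tag names are hypothetical, chosen for this example.
audit_jail() {
    jail=$1
    [ -d "$jail" ] || { echo "ERROR not a directory: $jail"; return 2; }

    # Setuid/setgid files let a jailed user run code under another uid.
    # A process that becomes root inside a chroot is not confined by it.
    find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID /'

    # Device nodes give raw access to disks or memory from inside the jail.
    find "$jail" -xdev \( -type b -o -type c \) -print |
        sed 's/^/DEVICE /'

    # A jail root writable by group or other lets users replace bin/, lib/, ...
    find "$jail" -prune \( -perm -0020 -o -perm -0002 \) -print |
        sed 's/^/WRITABLE_ROOT /'

    # The jail root itself should belong to root, not to the jailed account.
    find "$jail" -prune ! -user root -print |
        sed 's/^/NOT_ROOT_OWNED /'

    return 0
}

# Run directly as: sh audit_jail.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```

Any `SETID` or `DEVICE` line means the jail contains something a confined account should not be able to reach; remove it or clear the bit before using the jail.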


