Solved

Creating a user who can only see their own files.

Posted on 2002-07-01
Last Modified: 2013-12-27
Can anyone tell me how to create a user that can only see their own files? I have created the user, but they can still see files in other home directories.

I'm going to tear my hair out soon (what's left).
Question by:erikjensen
5 Comments
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 7121908
[root@ man restricted_shell
Reformatting page.  Wait... done

Maintenance Commands                                      rsh(1M)

NAME
     rsh, restricted_shell - restricted shell command interpreter

SYNOPSIS
     /usr/lib/rsh  [ -acefhiknprstuvx ]  [ argument ... ]

DESCRIPTION
     rsh  is a limiting version of the  standard  command  inter-
     preter  sh  ,  used to restrict logins to execution environ-
     ments whose capabilities are more controlled than  those  of
     sh  (see sh(1) for complete description and usage).

     When the shell is invoked, it scans the environment for  the
     value  of  the environmental variable, SHELL. If it is found
     and rsh  is the file name  part  of  its  value,  the  shell
     becomes a restricted shell.

     The actions of rsh  are identical to those of  sh  ,  except
     that the following are disallowed:

        o  changing directory (see cd(1)),

        o  setting the value of $PATH,

        o  specifying path or command names containing /,

        o  redirecting output (> and >>).

     The restrictions above are enforced after .profile is inter-
     preted.

     A restricted shell can be invoked in one  of  the  following
     ways:

        1. rsh  is the file name part of the last  entry  in  the
           /etc/passwd file (see passwd(4));

        2. the environment variable SHELL exists and rsh  is  the
           file  name part of its value; the environment variable
           SHELL needs to be set in the .login file;

        3. the shell is invoked and rsh  is the file name part of
           argument 0;

        4. the shell is invoke with the -r option.

     When a command to be executed is found to be a shell procedure, rsh
     invokes sh to execute it. Thus, it is possible to provide to the
     end-user shell procedures that have access to the full power of the
     standard shell, while imposing a limited menu of commands; this
     scheme assumes that the end-user does not have write and execute
     permissions in the same directory.


     The net effect of these rules is  that  the  writer  of  the
     .profile  (see  profile(4))  has  complete control over user
     actions by performing guaranteed setup actions  and  leaving
     the user in an appropriate directory (probably not the login
     directory).

     The system administrator often sets up a directory  of  com-
     mands  (that  is, /usr/rbin) that can be safely invoked by a
     restricted shell. Some systems  also  provide  a  restricted
     editor, red .

EXIT STATUS
     Errors detected by the shell, such as syntax  errors,  cause
     the shell to return a non-zero exit status.  If the shell is
     being used non-interactively execution of the shell file  is
     abandoned.  Otherwise,  the shell returns the exit status of
     the last command executed.

ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:
     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|

SEE ALSO
     intro(1),  cd(1),   login(1),   rsh(1),   sh(1),    exec(2),
     passwd(4), profile(4), attributes(5)

NOTES
     The restricted shell, /usr/lib/rsh, should not  be  confused
     with  the remote shell, /usr/bin/rsh, which is documented in
     rsh(1).

SunOS 5.7            Last change: 1 Nov 1993                    2

[root@dfwdba2:$PWD]
0
 

Author Comment

by:erikjensen
ID: 7122108
No good since this does not allow the user to log in as an FTP user.
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 200 total points
ID: 7122321
Are these FTP-only users, or do they also log in interactively?

If FTP-only, you can get a copy of wu-ftpd or pro-ftpd and configure it to chroot() to each user's home directory.

If they also log in interactively, you can roll your own login wrapper (not hard to do) to do a similar chroot().

chroot() is the only way to restrict the user to their home directory (there are even ways to break out of the chroot area, but it's much much harder than breaking out of a restricted shell).
0
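A sketch of the login wrapper suggested in the accepted answer, as an added example that is not part of the original thread: it confines a user to their home directory with chroot() and then drops root permanently. The function names `home_is_safe` and `enter_jail` are hypothetical, and it assumes the wrapper starts as root and that each home directory already contains its own `/bin/sh`.

```c
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Accept only an absolute path that is a real directory (not a symlink)
 * owned by the user being jailed. Returns 1 if usable, 0 otherwise. */
int home_is_safe(const char *home, uid_t uid)
{
    struct stat st;
    if (home == NULL || home[0] != '/') return 0;
    if (lstat(home, &st) != 0) return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == uid;
}

/* Order matters: load groups while /etc/group is still visible, chdir
 * before chroot so the cwd is inside the jail, then gid before uid,
 * because after setuid() the process can no longer change its groups. */
int enter_jail(const struct passwd *pw)
{
    if (pw->pw_uid == 0) return -1;            /* chroot does not contain root */
    if (!home_is_safe(pw->pw_dir, pw->pw_uid)) return -1;
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (chdir(pw->pw_dir) != 0 || chroot(".") != 0 || chdir("/") != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    if (setuid(0) == 0) return -1;             /* root must not be regainable */
    return 0;
}

int main(int argc, char **argv)
{
    struct passwd *pw = (argc == 2) ? getpwnam(argv[1]) : NULL;
    if (pw == NULL || enter_jail(pw) != 0) {
        fprintf(stderr, "jail setup failed\n");
        return 1;
    }
    execl("/bin/sh", "-sh", (char *)NULL);     /* path resolves inside the jail */
    perror("execl");
    return 1;
}
```

Every failure path returns before the shell is started, so a user whose jail cannot be set up gets no session rather than an unconfined one.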
 
LVL 20

Expert Comment

by:tfewster
ID: 8094053
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by chris_calabrese

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 
LVL 5

Expert Comment

by:Netminder
ID: 8144336
Per recommendation, force-accepted.

Netminder
EE Admin
0
