Solved

Creating a user who can only see their own files.

Posted on 2002-07-01
Last Modified: 2013-12-27
Can anyone tell me how to create a user that can only see their own files? I have created the user, but they can still see files in other home directories.

I'm going to tear my hair out soon (what's left).
Question by:erikjensen
5 Comments
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 7121908
[root@ man restricted_shell
Reformatting page.  Wait... done

Maintenance Commands                                      rsh(1M)

NAME
     rsh, restricted_shell - restricted shell command interpreter

SYNOPSIS
     /usr/lib/rsh  [ -acefhiknprstuvx ]  [ argument ... ]

DESCRIPTION
     rsh  is a limiting version of the  standard  command  inter-
     preter  sh  ,  used to restrict logins to execution environ-
     ments whose capabilities are more controlled than  those  of
     sh  (see sh(1) for complete description and usage).

     When the shell is invoked, it scans the environment for  the
     value  of  the environmental variable, SHELL. If it is found
     and rsh  is the file name  part  of  its  value,  the  shell
     becomes a restricted shell.

     The actions of rsh  are identical to those of  sh  ,  except
     that the following are disallowed:

        o  changing directory (see cd(1)),

        o  setting the value of $PATH,

        o  specifying path or command names containing /,

        o  redirecting output (> and >>).

     The restrictions above are enforced after .profile is inter-
     preted.

     A restricted shell can be invoked in one  of  the  following
     ways:

        1. rsh  is the file name part of the last  entry  in  the
           /etc/passwd file (see passwd(4));

        2. the environment variable SHELL exists and rsh  is  the
           file  name part of its value; the environment variable
           SHELL needs to be set in the .login file;

        3. the shell is invoked and rsh  is the file name part of
           argument 0;

        4. the shell is invoked with the -r option.

     When a command to be executed is found to be a shell procedure, rsh
     invokes sh to execute it. Thus, it is possible to provide to the
     end-user shell procedures that have access to the full power of the
     standard shell, while imposing a limited menu of commands; this scheme
     assumes that the end-user does not have write and execute permissions
     in the same directory.

SunOS 5.7            Last change: 1 Nov 1993                    1


     The net effect of these rules is  that  the  writer  of  the
     .profile  (see  profile(4))  has  complete control over user
     actions by performing guaranteed setup actions  and  leaving
     the user in an appropriate directory (probably not the login
     directory).

     The system administrator often sets up a directory  of  com-
     mands  (that  is, /usr/rbin) that can be safely invoked by a
     restricted shell. Some systems  also  provide  a  restricted
     editor, red .

EXIT STATUS
     Errors detected by the shell, such as syntax  errors,  cause
     the shell to return a non-zero exit status.  If the shell is
     being used non-interactively execution of the shell file  is
     abandoned.  Otherwise,  the shell returns the exit status of
     the last command executed.

ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:
     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|

SEE ALSO
     intro(1),  cd(1),   login(1),   rsh(1),   sh(1),    exec(2),
     passwd(4), profile(4), attributes(5)

NOTES
     The restricted shell, /usr/lib/rsh, should not  be  confused
     with  the remote shell, /usr/bin/rsh, which is documented in
     rsh(1).


[root@dfwdba2:$PWD]
0
 

Author Comment

by:erikjensen
ID: 7122108
No good since this does not allow the user to log in as an FTP user.
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 200 total points
ID: 7122321
Are these FTP-only users, or do they also log in interactively?

If FTP-only, you can get a copy of wu-ftpd or pro-ftpd and configure it to chroot() to each user's home directory.

If they also log in interactively, you can roll your own login wrapper (not hard to do) to do a similar chroot().

chroot() is the only way to restrict the user to their home directory (there are even ways to break out of the chroot area, but it's much, much harder than breaking out of a restricted shell).
0
 
LVL 20

Expert Comment

by:tfewster
ID: 8094053
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by chris_calabrese

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 
LVL 5

Expert Comment

by:Netminder
ID: 8144336
Per recommendation, force-accepted.

Netminder
EE Admin
0
