Solved

Lock down a user to just their home directroy

Posted on 2004-05-02
4
339 Views
Last Modified: 2013-12-16

I have a group of people that I want to have read/write access to a directory.  They are windows users that will be useing the winscp software to download pictures of homes.  

I want to limit them to just that one directory.  They are currenty a memeber of the "user's" group and have a shell of /bin/bash.

Should I change the shell to nothing? Should I create a new group and not give them rights to anything.  Should I to a changeroot jail.

I do not want anybody deleting any of my system files and I do not want them viewing any images on my system that were not intended for them to view.

Winscp is working NOW so I would like to get this fixed before someone gets curious

timfox123
0
Comment
Question by:TIMFOX123
  • 2
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 500 total points
ID: 10974065
You can setup "chroot login" to do the job, have a look at the following doc to get some
idea about how to set it up:

http://www.tjw.org/chroot-login-HOWTO/

also have a look at:

http://chrootssh.sourceforge.net/index.php
0
 

Author Comment

by:TIMFOX123
ID: 10974421
I am reviewing this.  It appears scponly is a grand tool for his and I am evaluating this.  

Any commnents on scponly ?

Dave
0
 
LVL 38

Expert Comment

by:yuzh
ID: 10974893
Here's another example of chroot login setup:

http://www.kegel.com/crosstool/current/doc/chroot-login-howto.html
0
 

Author Comment

by:TIMFOX123
ID: 10991861
scponly really ROCKS !!!!

I have a passworded share and the windows users use a gui winscp to drag/drop to my share.  They are change root jailed so they can not mess with my other files.   Easy safe secure (ish).  

This was so much easier than making a jail, you just typed in the make jail and it made a change root jail.  

Wahhooo, I am happy.  Now the other people in the Home Owners Association do not think I am a moron (untill another day).

Dave
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AWS EC2 Linux 1 54
Why VNC doesn't work in Redhat? 11 39
BASH script to modify crontab? 3 50
Linux VM 6 44
Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now