Making the nix box more secure! #1

Posted on 2004-10-05
Last Modified: 2010-04-20
Hello there,
I have a Fedora Linux server with the Ensim control panel. Sometimes I give free shells to my friends so they can do whatever they want, only for good purposes. I don't want them to start going everywhere in there. I mean, when they type cd /home they can see the other users' dirs and files, or in /usr, anywhere; I don't want any of my friends to be able to see any of those dirs or files. Any way to make that happen? When I add a user I do adduser "namehere", then it will be added in "/home/namehere".
Thanks for any help!
Question by:Xtry
LVL 6

Expert Comment

by:blkline
ID: 12229563
This is normal for a Unix box.  You could set up a chroot jail if you so desired but frankly, anything that the users shouldn't get to is protected from them  (or it should be unless you really screwed things up!).

Take note that although one user can do a "cd /home" and see the users' home directories, they can't by default look in them.  The permissions for a home dir are 700, thus giving no access to any but the user (owner) himself.  Try it yourself -- create a new user and then attempt to cd into that user's home directory.  You shouldn't be able to!

Barry



LVL 6

Expert Comment

by:blkline
ID: 12229586
One other thing -- you didn't mention if you were using FC1 or FC2... the latter has vestiges of SELinux so you can use access control lists.  That will give you better (finer grained) control than earlier versions.  It's turned off by default so you'll need to do a little research before enabling it if you want to use it.

Barry
LVL 3

Accepted Solution

by:
nalanbar earned 2000 total points
ID: 12247458
chmod the directories. Chmod works on three levels: owner, group, everyone else. If you chmod a directory to 764, for example, you will give the owner full permissions, the group write permissions, and everyone else only read permissions. If you use 700, the owner will have full control, but no one other than root will be able to look into the directory. Again, the command is "chmod ###". 1 is equal to execute, 2 is equal to write, 4 is equal to read... add the numbers of the permissions you want together, and that is the number you use for that field. For example, owner=full permissions, group=read, others get none = chmod 740 (file or directory name).
You can get more info on it if you use man chmod, or here, http://www.mkssoftware.com/docs/man1/chmod.1.asp though this webpage is a little heady...
You could also look into chattr, although that is a HUGE step above chmod...
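
An added example, not written by any poster in this thread: a POSIX shell script that decodes the octal digits discussed above and lists the home directories that grant anything to group or others, with an optional step that sets them to 700. It assumes GNU `stat -c` as shipped on Fedora; the function names and the `HOME_ROOT` variable are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat -c`.
# Function names and HOME_ROOT are hypothetical.

# Decode one octal permission digit: 4 = read, 2 = write, 1 = execute.
# On a directory, read lists the names inside it and execute allows
# cd/traversal, so "r--" on a directory still leaks file names.
digit_to_rwx() (
    r=-; w=-; x=-
    [ $(( $1 & 4 )) -ne 0 ] && r=r
    [ $(( $1 & 2 )) -ne 0 ] && w=w
    [ $(( $1 & 1 )) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
)

# Print "<mode> <group-bits> <other-bits> <path>" for every directory
# directly under $1 whose group or other digit is not 0.
audit_homes() (
    for dir in "$1"/*/; do
        dir=${dir%/}
        # Skip non-directories and symlinks (chmod would follow a symlink).
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        mode=$(stat -c '%a' "$dir")      # e.g. 700, 755, 1750
        group=$(( mode / 10 % 10 ))      # second-to-last octal digit
        other=$(( mode % 10 ))           # last octal digit
        [ "$group" -eq 0 ] && [ "$other" -eq 0 ] && continue
        printf '%s %s %s %s\n' "$mode" "$(digit_to_rwx "$group")" \
            "$(digit_to_rwx "$other")" "$dir"
    done
)

# Set every directory reported by audit_homes to 700 (owner only).
# Run as root, or as the owner of the directories.
tighten_homes() (
    audit_homes "$1" | while read -r _mode _group _other path; do
        chmod 700 -- "$path"
    done
)

# Read-only report; call tighten_homes explicitly after reviewing it.
audit_homes "${HOME_ROOT:-/home}"
```

Review the report before running `tighten_homes`: some services (a web server reading `public_html`, for instance) depend on traverse access to a home directory and will stop working at 700.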