https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355379#M345301 Hi,<BR /><BR />just put /./after home directory,<BR /><BR />(e.i. user1:4ZCqrSQpm07fk:110:20::/pgapsoft/pegains/CRBT/./:/bin/sh<BR /><BR />user will not be able to move from home diectory. Tue, 10 Feb 2009 13:01:23 GMT Md. Farhan A Azam 2009-02-10T13:01:23Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355375#M345297 Hi,<BR /><BR />I would like to create a user with the following access rights:<BR /><BR />1. the user can't live outside his home directory structure<BR />2. ordinary user can access his home directory structure<BR /><BR />Thanks in advance.<BR />-Br<BR />-Ahmad Tue, 10 Feb 2009 08:09:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355375#M345297 Muhammad Ahmad 2009-02-10T08:09:25Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355376#M345298 Shalom,<BR /><BR />Using the restricted shell (rsh) will accomplish this goal.<BR /><BR />You might also consider if you use ssh of setting this user up as a chroot user.<BR /><BR /><A href="http://docs.hp.com/en/5992-3387/ch05s06.html" target="_blank">http://docs.hp.com/en/5992-3387/ch05s06.html</A><BR /><BR />SEP Tue, 10 Feb 2009 08:32:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355376#M345298 Steven E. Protter 2009-02-10T08:32:09Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355377#M345299 Hi Muhammad,<BR /><BR />You need to configure the user with chroot environment. Configuring chroot manually needs lot of work. HP has provided a script to configure chroot simply.<BR /><BR />You need to use the script /opt/ssh/ssh_chroot_setup.sh. This script will create a user and configure that user with chroot environment.<BR /><BR />Also read /opt/ssh/README.hp . It will give you exact steps. Tue, 10 Feb 2009 08:42:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355377#M345299 Ganesan R 2009-02-10T08:42:28Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355378#M345300 If this is an ftp user you may want to look at the following links:<BR /><BR /><A href="http://newfdawg.com/SHP-FTP-anon.htm" target="_blank">http://newfdawg.com/SHP-FTP-anon.htm</A> <BR /><BR /><A href="http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1264911" target="_blank">http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1264911</A> <BR /><BR /><A href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&amp;cc=us&amp;" target="_blank">http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&amp;cc=us&amp;</A><BR />;taskId=115&amp;prodSeriesId=3215373&amp;prodTypeId=18964&amp;objectID=c01516983 Tue, 10 Feb 2009 09:18:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355378#M345300 bright image 2009-02-10T09:18:07Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355379#M345301 Hi,<BR /><BR />just put /./after home directory,<BR /><BR />(e.i. user1:4ZCqrSQpm07fk:110:20::/pgapsoft/pegains/CRBT/./:/bin/sh<BR /><BR />user will not be able to move from home diectory. Tue, 10 Feb 2009 13:01:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355379#M345301 Md. Farhan A Azam 2009-02-10T13:01:23Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355380#M345302 &gt;Farhan: just put /./after home directory,<BR /><BR />I tried this and this doesn't restrict cd with sh/ksh. Where did you here about it? Tue, 10 Feb 2009 21:29:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355380#M345302 Dennis Handly 2009-02-10T21:29:29Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355381#M345303 Hi All, <BR /><BR />Thanks for your time.<BR /><BR />Farhan, i agree with Deniss.<BR /><BR />Secondly, ftp restricted access is given to that user using "chroot" and it's running fine.<BR /><BR />but in this case, only root can access that restricted user's home directory, we need to remove that restriction, so that an ordinary user can also access his home directory sturcture. with in-effect of the existing ftp restricted access for the user.<BR /><BR />-Br<BR />Ahmad Wed, 11 Feb 2009 11:46:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355381#M345303 Muhammad Ahmad 2009-02-11T11:46:39Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355382#M345304 Hi Muhammad,<BR /><BR />By default write permission will not be given to anyone other then the owner of the home directories. In this case only root and owner can have write access.<BR /><BR />If you want to give write access to others as well, use chmod command and give write access to others.<BR /><BR />If you are looking something else, clarify in details. Wed, 11 Feb 2009 11:57:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355382#M345304 Ganesan R 2009-02-11T11:57:32Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355383#M345305 Hi Dennis,<BR /><BR />Sorry for delay in response, i was out of office from last few weeks.<BR />actually..this will work for FTP user..somehow it was posted....So sorry again.<BR /><BR /><BR />Thanks Farhan Tue, 17 Feb 2009 09:03:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355383#M345305 Md. Farhan A Azam 2009-02-17T09:03:24Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355384#M345306 &gt;Farhan: this will work for FTP user<BR /><BR />Yes, I later saw that for ftpaccess(4). Tue, 17 Feb 2009 09:14:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355384#M345306 Dennis Handly 2009-02-17T09:14:49Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355385#M345307 Hi Farhan/Dennis,<BR /><BR />but in this case, we can't restrict the access of that user on shell through telnet/ssh etc. <BR /><BR />-Br <BR />Ahmad Tue, 17 Feb 2009 11:49:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355385#M345307 Muhammad Ahmad 2009-02-17T11:49:04Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355386#M345308 Hi Muhammad,<BR /><BR />If you want to restrict the telnet/ssh access then change the shell to /bin/false Tue, 17 Feb 2009 13:01:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355386#M345308 Ganesan R 2009-02-17T13:01:28Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355387#M345309 &gt;Ganeshan R:If you want to restrict the telnet/ssh access then change the shell to /bin/false.<BR /><BR />In this scenario user will not be able to login in the server through telnet, as user will not get any shell. i think this will work for ftp. Wed, 18 Feb 2009 04:39:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355387#M345309 Md. Farhan A Azam 2009-02-18T04:39:18Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355388#M345310 Hi Ahmad,<BR /><BR />&gt;&gt;In this scenario user will not be able to login in the server through telnet, as user will not get any shell. i think this will work for ftp.&lt;&lt; <BR /><BR />yes , <BR /><BR />But you are looking for "user id" which should be resticted under its own working directory only.?<BR /><BR />Can please try below suggestion under (Development Server)<BR /><BR />Creat account :- UserA<BR /><BR />Edit the /etc/passwd file. Append a "./" to the end of the initial working <BR /><BR />userA:cinUTe/NGII4.:505:125::/home/userA/./:/usr/bin/sh<BR /><BR />otherwise, You need look for resticted shell (or) jailroot<BR /><BR />Thanks,<BR />Johnson<BR /> Wed, 18 Feb 2009 10:59:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-user/m-p/4355388#M345310 Johnson Punniyalingam 2009-02-18T10:59:45Z