https://community.hpe.com/t5/operating-system-hp-ux/secure-user/m-p/2674187#M51652 Hi,<BR /><BR />Strictly speaking, I don't think you want to restrict the user to just only write files in /home/user.<BR /><BR />There are a lot of programs that require temporary files to be written especially in /tmp and /var/tmp (such as vi). <BR /><BR />If you remove the write access, then such programs are likely to encounter difficulties in running. You may have to perform quite a bit of reconfiguration as a result.<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong Fri, 01 Mar 2002 10:27:47 GMT Steven Sim Kok Leong 2002-03-01T10:27:47Z https://community.hpe.com/t5/operating-system-hp-ux/secure-user/m-p/2674185#M51650 Hi,<BR /><BR />I have created a standard unix user with ksh shell.<BR />Is there a way of only allowing the user to create files in his home directory ?<BR />I have tried using /home/user/./ but doesn't work<BR /><BR />Cheers Fri, 01 Mar 2002 10:08:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-user/m-p/2674185#M51650 Stephen Young_1 2002-03-01T10:08:30Z https://community.hpe.com/t5/operating-system-hp-ux/secure-user/m-p/2674186#M51651 Hi,<BR /><BR />One way is to use chroot, so that the virtual root is /home/user<BR /><BR />The other way is to use restricted sam, force the user to run sam upon login in the /etc/profile or /etc/csh.login within traps.<BR /><BR />In your restricted sam, configure a script that prompts the user for a file to be created. This script sanitizes the input and removes any pathname attached ie. only taking the filename. <BR /><BR />In this way, the user can only create files in his home directory. You can also restrict the commands this user can perform using restricted sam.<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong Fri, 01 Mar 2002 10:13:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-user/m-p/2674186#M51651 Steven Sim Kok Leong 2002-03-01T10:13:53Z https://community.hpe.com/t5/operating-system-hp-ux/secure-user/m-p/2674187#M51652 Hi,<BR /><BR />Strictly speaking, I don't think you want to restrict the user to just only write files in /home/user.<BR /><BR />There are a lot of programs that require temporary files to be written especially in /tmp and /var/tmp (such as vi). <BR /><BR />If you remove the write access, then such programs are likely to encounter difficulties in running. You may have to perform quite a bit of reconfiguration as a result.<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong Fri, 01 Mar 2002 10:27:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-user/m-p/2674187#M51652 Steven Sim Kok Leong 2002-03-01T10:27:47Z