Operating System - HP-UX

Re: Restricted user environment

 
Lucien Wolfs
Valued Contributor

Restricted user environment

I am searching for a way to have my users move in the directory tree and lower, but not higher, e.g. user max starts in /home/max, but may not cd into /etc for example. He should reside in 'his' tree. How can I accomplish this? Is there a shell that does this?

Please help!
Lucien Wolfs
Valued Contributor

Re: Restricted user environment

Sorry, I posted in the wrong forum section. Should be security.
Rainer von Bongartz
Honored Contributor

Re: Restricted user environment

Look at the restricted version of your standard shell,
e.g. rksh
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Herve BRANGIER
Respected Contributor

Re: Restricted user environment

If you want to do that with a login (telnet...), you can use a restricted shell (like Rainer said).

If you want to use ftp, you can look at the /etc/ftpd/ftpaccess file (man ftpaccess). You can define your user as a guest (see guestgroup) and define him with a new root: his home dir is /home/max/./ to say that his root is /home/max. In this case you need to create a "small" filesystem with all process, minimum etc files... (man ftpd to create this environment). I think you have to do the same for applications in restricted shells because you can't call a command with a "/" in....

HTH

Hervé



Stefan Schulz
Honored Contributor

Re: Restricted user environment

You can use the restricted versions of ksh or sh. Have a look at rksh and rsh.

They allow you to restrict the user's access to the system.

Hope this helps.

Regards Stefan
No Mouse found. System halted. Press Mousebutton to continue.
Michael Tully
Honored Contributor

Re: Restricted user environment

You definitely need to look at using the restricted shell. The most common is rsh. Suggest you have a good read of the man pages for this.

Good Luck
Michael
Anyone for a Mutiny ?
Lucien Wolfs
Valued Contributor

Re: Restricted user environment

Thanks everybody. There's still an issue. If you use a restricted shell, the user cannot 'cd', but he/she can give a full path with a command, e.g. vi /etc/passwd, or ls -lia / . This is the kind of action I'm trying to avoid, and I do not know how to.
Michael Tully
Honored Contributor

Re: Restricted user environment

Only other suggestion I have right now is to make the user(s) captive within a menu. If they are captive they cannot do anything. Perhaps within your menu you have something like "List Files" or something. Perhaps we can help more if you state your reasoning, so more suggestions can be made.

HTH
Michael
Anyone for a Mutiny ?
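
A sketch of the path check that a captive menu's "List Files" entry would need so that a full path such as /etc is refused, added here as an example and not part of any post in this thread. The function names (resolve_dir, inside_home, menu_list) are hypothetical, and it assumes a POSIX sh where `pwd -P` is available.

```sh
#!/bin/sh
# Added example: confine a menu's "List Files" action to the user's home tree.
# All function names here are hypothetical, not from any HP-UX tool.

# Print the physical (symlink-free) absolute path of a directory, or fail.
# Runs in a subshell so the caller's working directory is untouched.
resolve_dir() {
    ( cd -- "$1" 2>/dev/null && pwd -P )
}

# Succeed only if directory $2 resolves to $1 itself or something beneath it.
# Comparing resolved paths defeats "..", symlinks and look-alike prefixes
# (/home/maxine must not pass as being inside /home/max).
inside_home() {
    base=$(resolve_dir "$1") || return 1
    target=$(resolve_dir "$2") || return 1
    case "$target/" in
        "$base"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# "List Files": $1 is the user's home, $2 the directory the user typed.
# Relative requests are taken relative to home; absolute ones are checked as-is.
menu_list() {
    home=$1
    request=$2
    case "$request" in
        /*) dir=$request ;;
        *)  dir=$home/$request ;;
    esac
    if inside_home "$home" "$dir"; then
        ls -l "$(resolve_dir "$dir")"
    else
        echo "Not permitted: $request" >&2
        return 1
    fi
}
```

The check only constrains paths the menu handles itself; a program started from the menu (vi, for instance) can still open any path it is given.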
Robin Wakefield
Honored Contributor

Re: Restricted user environment

You could also set up a chroot'ed environment.

Robin.