Operating System - Tru64 Unix

query on user directory

Ronny_7
Regular Advisor

query on user directory

Hi,

I wish to prevent my users from reading directories other than their own default user directory.

The users are still able to cd down to their own sub-directories.

Any advice?

Regards,
Ronny
Alexey Borchev
Regular Advisor

Re: query on user directory

Try chroot.
man chroot

The restricted shell - Rsh - can help as well.
(Be aware, rsh and Rsh are different things! I mean exactly Rsh)

man Rsh
The fire follows schedule...
Joris Denayer
Respected Contributor

Re: query on user directory

Hi Ronny,

If you want to prevent a user from cd-ing out of his directory, you can use Rsh (restricted shell). You can invoke the restricted shell f.i. by changing the last entry in the passwd file. However, the restricted shell can be too restricted for most of the users, because they will also not be able to change to their own sub-directories.

It is indeed also possible to do this with chroot during startup of the login sequence. But then you must populate each user's directory with all executables, shared libraries, etc-files, ...
At that moment the user directory becomes the root for that particular user.
You must decide which executable and which library is necessary and which isn't. This takes between 80 and 100MB per user-directory.
So, if you have lots of users, this could be a problem.

If you only want to prevent users from looking in the directories of other users, then I think that it is easier to play with the permissions of the users' homedirs.

f.i.: As root, you can run:

# chmod 700 /usr/home/
# chown /usr/home/

Now only the user (and root) will be able to access or to read the contents of /usr/home/
All the others will get a "Permission Denied" message.


Anyway, there is no easy solution.

Joris
To err is human, but to really foul things up requires a computer
Caesar_3
Esteemed Contributor

Re: query on user directory

Hello!

Work on the directories' permissions so the
home dirs would belong to owners and the group and other could read the dirs.

Caesar
Ronny_7
Regular Advisor

Re: query on user directory

Hi Joris,

Thank you for the detailed explanation.

Changing the user's directory permission does prevent other users from reading the directory.

But, forgive me for my limited knowledge, what I want is to prevent the user from cd-ing to other directories while still being able to cd to his own sub-directories.

Are chroot and Rsh able to achieve this?

Regards,
Ronny
Ralf Puchner
Honored Contributor

Re: query on user directory

Rsh does not support this, you'll get a "restricted" if using the "cd" command to other directories.

chroot supports this, because it does not limit the access within your home directory.
e.g. "cd .." doesn't work, but "cd test" works
Help() { FirstReadManual(urgently); Go_to_it;; }
Caesar_3
Esteemed Contributor

Re: query on user directory

Hello!

If you don't want the user to enter
his directories, you change the owner of the
directory or remove the read option from the directory.

Maybe I didn't understand why the user could enter
his sub-directories (if they're his)?

Caesar
Alexey Borchev
Regular Advisor

Re: query on user directory

As far as I know, there are 3 permission bits on files - read, write, execute.
For directories the same bits are - read, write, search.

1) If you disable searching the directory for a user, he will not be able to "enter the directory" - i.e. to make it current = cd.

2) {I am not 100% sure, but it's easy to test}
- If the user has no rights to search a directory, all sub-directories will be inaccessible as well.

Try experimenting with ownership, search permission on directories and
man chmod

The fire follows schedule...
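
Added example (not part of the original thread, and not any poster's code): a POSIX shell script for the permission approach described above by Joris (mode 700 on each home directory) and Alexey (the search bit on directories). It reports home directories that still grant group or other access. The function names `perm_string`, `audit_homes` and `lock_home` are hypothetical, and the base directory is passed as an argument (the thread uses /usr/home).

```shell
#!/bin/sh
# Added example: audit home-directory modes and tighten them to owner-only.
# Function names are hypothetical; the base path is supplied by the caller.

# Print the 9-character permission string (e.g. rwxr-xr-x) of a path.
# ls -ld is used because stat(1) options differ between Unix variants.
perm_string() {
    ls -ld "$1" | awk '{ print substr($1, 2, 9) }'
}

# List each directory directly under base ($1) that grants any group/other
# permission bit. With the search (x) bit cleared for group and other,
# other users cannot cd into the directory or reach anything beneath it.
audit_homes() {
    base=$1
    for dir in "$base"/*/; do
        dir=${dir%/}
        # Skip an unmatched glob and symlinks (their own mode bits are meaningless).
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then
            continue
        fi
        perms=$(perm_string "$dir")
        case $perms in
            ???------) ;;                                  # owner-only: nothing to report
            *) printf '%s %s\n' "${dir##*/}" "$perms" ;;   # name and offending mode
        esac
    done
}

# Apply the owner-only mode suggested in the thread to one home directory.
lock_home() {
    chmod 700 "$1"
}

# When run with a base directory argument, print the audit report.
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

Ownership still has to be correct for mode 700 to help: the directory must belong to the user who logs into it, which is what the chown step in Joris's reply is for.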
Ronny_7
Regular Advisor

Re: query on user directory

Hi Ralf,

Thanks for the advice, I will explore the chroot command.

Hi everyone who replied to this query,

Thank you for your time and advice.

Regards,
Ronny
Joris Denayer
Respected Contributor
Solution

Re: query on user directory

Ronny,

You can search in the "itrc search field" on f.i. chroot login.
This will give ~50 articles about issues with chroot.
One interesting topic could be http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x595b2d88ce9cd711abdc0090277a778c,00.html

Rgrds
To err is human, but to really foul things up requires a computer