1748169 Members
4249 Online
108758 Solutions
New Discussion юеВ

Only home directory

 
Alexander E. Ivanov
Frequent Advisor

Only home directory

Hello!

I am using Exceed.
Is it possible to make inaccessible to viewing all directory, except for home directory?

Thank you.
4 REPLIES 4
Pete Randall
Outstanding Contributor

Re: Only home directory

You should take a look at the restricted shell. Do a man on sh-posix and look for rsh.

Pete

Pete
Michael Steele_2
Honored Contributor

Re: Only home directory

In the /etc/passwd file set the user's shell to restricted shell. For korn shell, /usr/bin/ksh use /usr/bin/rksh. For bourne of Posix use /usr/bin/rsh, etc. Review /etc/shells for alternatives.
Support Fatherhood - Stop Family Law
Vincent Fleming
Honored Contributor

Re: Only home directory

You need some of the other directories in order to log in and do anything on a UNIX machine - for example, you need access to /bin and /usr/bin and any other directory containing binaries and configuration files (such as /etc).

You can create a "sandbox" using "chroot", but you would need binaries and config files under the user's new "root" directory. See :man chroot" for some details, and look up the docs on creating an anon. FTP server for some clues.

-Vince
No matter where you go, there you are.
Steve Steel
Honored Contributor

Re: Only home directory

Hi


From man page

The cd command cannot be executed by rksh.


Thus a restricted shell is best

rsh Restrictions
rsh is used to set up login names and execution environments where
capabilities are more controlled than those of the standard shell.
The actions of rsh are identical to those of sh, except that the
following are forbidden:

o Changing directory (see the cd special command and cd(1))
o Setting the value of SHELL, ENV, or PATH
o Specifying path or command names containing /
o Redirecting output (>, >|, <>, and >>)

The restrictions above are enforced after the .profile and ENV files
are interpreted.

When a command to be executed is found to be a shell procedure, rsh
invokes sh to execute it. Thus, the end-user is provided with shell
procedures accessible to the full power of the standard shell, while
being restricted to a limited menu of commands. This scheme assumes
that the end-user does not have write and execute permissions in the
same directory.

These rules effectively give the writer of the .profile file complete
control over user actions, by performing guaranteed set-up actions and
leaving the user in an appropriate directory (probably not the login
directory).

The system administrator often sets up a directory of commands
(usually /usr/rbin) that can be safely invoked by rsh. HP-UX systems
provide a restricted editor red (see ed(1)), suitable for restricted
users.


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)