How to restrict a user to a single directory?

dictum9
Super Advisor

How to restrict a user to a single directory?

I need to create a user on an 11.31 system and restrict that user to a single directory. The user should have no access to any other files or directories on the system.

Another possibility is to create an SFTP account for that purpose. So the user can only do put and get on the files in that directory.

4 REPLIES
Steven Schweda
Honored Contributor

Re: How to restrict a user to a single directory?

> I need to create a user on a 11.31 system and restrict that user to a
> single directory. [...]

   As before ( http://community.hpe.com/t5/x/x/m-p/6841471 ), it's often
more helpful to describe the actual problem which you are trying to
solve than it is to ask how to implement some particular "solution" to
that problem.

   A forum search for keywords like, say:
       sftp chroot
should find multiple old threads which cover the SFTP case, and which
might apply more generally.

dictum9
Super Advisor

Re: How to restrict a user to a single directory?

I did it, very simple actually:

sshd_config

Match User user1
   ChrootDirectory /dir1
   ForceCommand internal-sftp
   AllowTcpForwarding no
   X11Forwarding no

Then create a user in the passwd file with the home dir of the above and /bin/false for shell.

chmod -R 755 /dir1
cd /dir1 && chmod -R 775 *
chown -R root:dba /dir1

The contents of the directory have to be owned by root.
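
OpenSSH's sshd_config(5) documents that sshd checks at session startup that every component of the ChrootDirectory path is a root-owned directory not writable by any other user or group; /dir1 as set up above (root-owned, mode 755) meets that. The check below is an added example, not part of the thread: the function names and the optional uid argument are hypothetical, and it assumes a POSIX shell with `ls -ldn`.

```sh
# Added example, not from the thread. Function names are hypothetical.
# Usage: check_chroot_path /dir1

# check_dir DIR [UID]: pass only if DIR is a directory owned by UID
# (default 0, root) and not writable by group or other.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    # ls -ldn prints the mode string in field 1 and the numeric uid in field 3.
    line=$(ls -ldn "$dir" 2>/dev/null) || { echo "FAIL $dir: cannot stat"; return 1; }
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    case $mode in
        d*) ;;
        *) echo "FAIL $dir: not a directory"; return 1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    # In "drwxrwxrwx", character 6 is group write and character 9 is other write.
    if [ "$(printf '%s' "$mode" | cut -c6)" = w ] ||
       [ "$(printf '%s' "$mode" | cut -c9)" = w ]; then
        echo "FAIL $dir: mode $mode is group- or other-writable"
        return 1
    fi
    echo "ok   $dir ($mode uid=$uid)"
}

# check_chroot_path /abs/path [UID]: run check_dir on / and on every
# component down to the chroot directory itself; returns 0 only if all pass.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: expected an absolute path"; return 2 ;;
    esac
    owner=${2:-0}; rc=0; cur=""
    check_dir / "$owner" || rc=1
    old_ifs=$IFS; IFS=/; set -f
    set -- $1                      # split the path into its components
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        check_dir "$cur" "$owner" || rc=1
    done
    return $rc
}
```

A FAIL line for the chroot directory or any parent identifies the component to fix before testing the SFTP login.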

 

Steven Schweda
Honored Contributor

Re: How to restrict a user to a single directory?

> I did it, very simple actually:
> [...]

   For SFTP.

   I've done this (long ago) for plain FTP, but not for SFTP.  With
SFTP, does an SFTP client command like "ls" work without your creating
things like "/dir1/bin/ls" on the server?

dictum9
Super Advisor

Re: How to restrict a user to a single directory?

yes, ls -l works.