HPE Community
Operating System - HP-UX
1832719 Members
2788 Online
110043 Solutions
New Discussion

keep user in their dir.

 
SOLVED
Go to solution
someone_4
Honored Contributor

‎06-29-2001 01:42 PM

‎06-29-2001 01:42 PM

keep user in their dir.

Is there a way to keep a user in their own
home/user/ dir ?

Richard
0 Kudos
Reply
5 REPLIES 5
A. Clay Stephenson
Acclaimed Contributor

‎06-29-2001 01:45 PM

‎06-29-2001 01:45 PM

Re: keep user in their dir.

Yes Richard,

That is what the sh -r (restricted mode) I mentioned in one of your previous postings does for you.
I suggest that you man sh-posix | lp and look over the Restricted Shell Section.

Regards, Clay
If it ain't broke, I can fix that.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-29-2001 02:38 PM

‎06-29-2001 02:38 PM

Re: keep user in their dir.

Note that the restricted shell is VERY restricted. Users will not have access (including reading or executing) anything outside their $HOME directory.

Do your users actually need a shell prompt? By writing a menu program and replacing their shell with the menu program, you can eliminate any problems with users doing unwanted things to the system.


Bill Hassell, sysadmin
0 Kudos
Reply
Herve BRANGIER
Respected Contributor

‎06-30-2001 02:32 AM

‎06-30-2001 02:32 AM

Re: keep user in their dir.

Hi Richard

You can put users in a chrooted
environment. You copy all binaries
used by them and do a "virtual"
root in users directory. To do
that the you can modify /etc/profile
or get login program src and add
a chroot command (for example to
work with the same syntax in /etc/passwd
than for ftpd) I did that and it worked
well.

See ftpd man page to have an idea
of how work a chrooted
environment

HTH

Herv?

0 Kudos
Reply
Thierry Poels_1
Honored Contributor

‎06-30-2001 11:23 PM

‎06-30-2001 11:23 PM

Re: keep user in their dir.

hi,
restricted shell will help as long as the user can't start another shell!! If he's able to do that, then he's free again to go wherever he wants.
I prefer to keep the users in a menu system (as already mentioned) and keep them away from the command line. But you have to be aware that your applications don't have an open gate to the command line (e.g. vi allows you to execute shell commands).

regards,
Thierry
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎07-01-2001 04:09 AM

‎07-01-2001 04:09 AM

Solution

Re: keep user in their dir.

Hi Richard,
Following Thierry's advice (that is also compatible with restricted shell, well till now I havent had any feedback showing its not a 2 users with such configuration (menu driven and rsh), - I would set perm 755 root:bin to users home directory AND .profile in order to be sure the user cannot cp .profile to something else (and maybe modify it...), remove it and replacing it by his own although you set perms to root on it...

Dont forget to trap ctrl-C in users .profile:
(HPUX10.20 example)
# Inhibe la sortie par Ctrl+C
trap 'echo "^G^G^G" ;' 1 2 15


Good luck and all the best

Victor
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.