1839268 Members
2745 Online
110137 Solutions
New Discussion

Re: Restricting Access

 
SOLVED
Go to solution
Anthony_69
Occasional Contributor

Restricting Access

Hi all....
this is my first post here so please ignore me if i'm being a bit thick!
I was just wondering if when setting up a new user, is it possible to restrict access for that user to just one directory. eg: when this user logs in, it takes them directly to /tmp and they are not allowed to move from that directory? Thanks in advance.....
8 REPLIES 8
Stefan Farrelly
Honored Contributor
Solution

Re: Restricting Access

Yes, you need to use restricted shell. This stops the user using the cd command to change dir out of the one they log into.

See man sh (and look at the rsh section)
Im from Palmerston North, New Zealand, but somehow ended up in London...
Ian Dennison_1
Honored Contributor

Re: Restricting Access

Restricted Shell

/usr/bin/rsh
/usr/bin/rksh

Lock them into their own home directory though! /tmp has different style of permissions set.

Share and Enjoy! Ian
Building a dumber user
V.Tamilvanan
Honored Contributor

Re: Restricting Access

Hi,
Yes. You can do this by assigning restricted shell as default shell.
You can do this when u r creating user by using sam. Or edit /etc/passwd and change the last field which is the default shell.

Ex:-

weblogic:ZeGnatv/lC1z.:106:20:Weblogic test acc,,,:/tmp:/usr/bin/rksh


HTH
Anthony_69
Occasional Contributor

Re: Restricting Access

thanks guys. when i assign this user the rsh, where do I specify the locked directory?
V. V. Ravi Kumar_1
Respected Contributor

Re: Restricting Access

Hi,
u can use restricted shell like rsh or rksh.

Regards
Never Say No
Ian Dennison_1
Honored Contributor

Re: Restricting Access

The locked directory should be their home directory.

Cheers, Ian
Building a dumber user
Pete Randall
Outstanding Contributor

Re: Restricting Access

You specify their home directory, which is the one they are restricted to, in the /etc/passwd entry for the user. Typically this would be /home/username, but I guess you could make it /tmp if you really wanted.


Pete

Pete
Anthony_69
Occasional Contributor

Re: Restricting Access

cheers guys. much appreciated