HPE Community
Operating System - HP-UX
1825764 Members
2123 Online
109687 Solutions
New Discussion

Re: Secure User

 
Stephen Young_1
Occasional Advisor

‎03-01-2002 02:08 AM

‎03-01-2002 02:08 AM

Secure User

Hi,

I have created a standard unix user with ksh shell.
Is there a way of only allowing the user to create files in his home directory ?
I have tried using /home/user/./ but doesn't work

Cheers
0 Kudos
Reply
2 REPLIES 2
Steven Sim Kok Leong
Honored Contributor

‎03-01-2002 02:13 AM

‎03-01-2002 02:13 AM

Re: Secure User

Hi,

One way is to use chroot, so that the virtual root is /home/user

The other way is to use restricted sam, force the user to run sam upon login in the /etc/profile or /etc/csh.login within traps.

In your restricted sam, configure a script that prompts the user for a file to be created. This script sanitizes the input and removes any pathname attached ie. only taking the filename.

In this way, the user can only create files in his home directory. You can also restrict the commands this user can perform using restricted sam.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎03-01-2002 02:27 AM

‎03-01-2002 02:27 AM

Re: Secure User

Hi,

Strictly speaking, I don't think you want to restrict the user to just only write files in /home/user.

There are a lot of programs that require temporary files to be written especially in /tmp and /var/tmp (such as vi).

If you remove the write access, then such programs are likely to encounter difficulties in running. You may have to perform quite a bit of reconfiguration as a result.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.