Hi

Is there a way to lock users in their home directories allowing them only to
access sub directories in their home dir and a directory with tools that
i've specified?
I've tried but can't figure it out :-|

Thanks
Morten

--
replace .hej with .com at the end of my e-mail.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2004-01-06, Morten Lundstrøm <semizealot@iname.hej> wrote:
> Is there a way to lock users in their home directories allowing them only to
> access sub directories in their home dir and a directory with tools that
> i've specified?

man bash

search for RESTRICTED SHELL

- --keith

- --
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/+gIEhVcNCxZ5ID8RApmBAKCVCrFg7NzxksxFrTcVlVQo7BM86Q Cfcst9
A5WGOj7P8Pty+zQLHKnBFdQ=
=83Wv
-----END PGP SIGNATURE-----

"Morten Lundstrøm" <semizealot@iname.hej> writes:

>Is there a way to lock users in their home directories allowing them only to
>access sub directories in their home dir and a directory with tools that
>i've specified?
>I've tried but can't figure it out :-|

You can maybe try giving them a restricted shell. If it doesn't
exist, make "rbash" a symlink to bash, and then give the user "rbash"
as a shell. Then use ".profile" to set an initial PATH. They won't
be able to change their PATH nor cd to a different directory.

There are probably loopholes in the restrictions, but it may do well
enough for your needs.

Morten Lundstrøm wrote:

> Hi
>
> Is there a way to lock users in their home directories allowing them only
> to access sub directories in their home dir and a directory with tools
> that i've specified?
> I've tried but can't figure it out :-|
>
> Thanks
> Morten
>
Try the command "chroot".

LinuxSneaker <mgmanry@linuxorbit.com> wrote in message news:<aInKb.1386$lE.1116982@news3.news.adelphia.ne t>...
> Morten Lundstrøm wrote:
>
> > Hi
> >
> > Is there a way to lock users in their home directories allowing them only
> > to access sub directories in their home dir and a directory with tools
> > that i've specified?
> > I've tried but can't figure it out :-|
> >
> > Thanks
> > Morten
> >
> Try the command "chroot".
**

set up their login shell as bash -r, restricted shell
set them up with a menu of allowed tasks with a trap for
the interrupts, so that any attempt to exit the menu will
log them out. Setting this up within a chroot jail would
be more secure.

This is an interesting article about chroot jail:
http://www.linux-mag.com/2002-12/chroot_01.html

Walt R.

LinuxSneaker wrote:
> Morten Lundstrøm wrote:
>
>
>>Hi
>>
>>Is there a way to lock users in their home directories allowing them only
>>to access sub directories in their home dir and a directory with tools
>>that i've specified?
>>I've tried but can't figure it out :-|
>>
>>Thanks
>>Morten
>>
>
> Try the command "chroot".

Not to put a damper on your advice, but 'chroot' won't help without a fair bit
of preparation.

With chroot, each user will require a clone of the root filesystem (/, parts of
/etc, /bin, /sbin, /usr/bin, /usr/sbin, /usr/local, etc.). Without these, you
lock users out of the system completely, rather than just locking them into
their home directory.

--
Lew Pitcher

Master Codewright and JOAT-in-training
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.

On Tue, 6 Jan 2004 01:04:11 +0100, Morten Lundstrøm <semizealot@iname.hej> wrote:
>
>
> Hi
>
> Is there a way to lock users in their home directories allowing them only to
> access sub directories in their home dir and a directory with tools that
> i've specified?
> I've tried but can't figure it out :-|
>
> Thanks
> Morten
>

You can replace their shell in /etc/passwd with a script that will permit
only certain commands to be run.

A case menu would work very well for this purpose.

Choose one these commands or log out....

trap "kill -9 $$" INT TSTP

would keep them from using Ctrl-c or Ctrl-z to get out of the menu


AC

On Wed, 07 Jan 2004 08:01:25 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
>
>
> On Tue, 6 Jan 2004 01:04:11 +0100, Morten Lundstrøm <semizealot@iname.hej> wrote:
>>
>>
>> Hi
>>
>> Is there a way to lock users in their home directories allowing them only to
>> access sub directories in their home dir and a directory with tools that
>> i've specified?
>> I've tried but can't figure it out :-|
>>
>> Thanks
>> Morten
>>
>
> You can replace their shell in /etc/passwd with a script that will permit
> only certain commands to be run.
>
> A case menu would work very well for this purpose.
>
> Choose one these commands or log out....
>
> trap "kill -9 $$" INT TSTP
>
> would keep them from using Ctrl-c or Ctrl-z to get out of the menu
>
>
> AC
>


Actually, it would be fairly easy to write a script that would present what
LOOKED like a regular prompt, but would check every command before running
and return an error message for any cd command not in the home directory,
and any command that tried to OPERATE on a file not in the home directory.

You'd need to alias some commands like vi so that they couldn't
access external commands, deny them the use of some, and make the user's
..bashrc and .bash_profile owned by root, but that's not a big deal.

AC

Thank you all for your time, I will try to look the suggestions through and
see which one suit my needs the best :-)

Regards
Morten

Hi,

> Is there a way to lock users in their home directories allowing them
only to
> access sub directories in their home dir and a directory with tools
that
> i've specified?
> I've tried but can't figure it out :-|

Maybe here : http://www.tjw.org/chroot-login-HOWTO/

--
S. Roy