[plug] Re: restricting user access
Daniel Axtens
danielax at gmail.com
Thu May 5 08:12:11 WST 2005
If you do need to provide shell functionality, I suggest busybox
(busybox.net). IIRC it provides all your favourite shell commands,
like ls/cd/etc, in one binary.
HTH,
Daniel
On 5/4/05, Jon Miller <jlmiller at mmtnetworks.com.au> wrote:
> Thanks I would appreciate it.
>
> Jon
>
> >>> something.rotten at gmail.com 7:26:23 pm 4/05/2005 >>>
> I'll have to check but on Pegasus I believe we chroot into our home
> directories and the same style thing when we vnc or ftp in, ftp gives
> home and vnc gives you a screen as though your logged in to, say, a
> winxp machine (without the security holes)
>
> i can check on it if you'd like...we may have a few docvs about it too
>
> On 5/4/05, Jon Miller <jlmiller at mmtnetworks.com.au> wrote:
> > No it'll have to be chroot, because we do not want the user to be able to see any other file other than whats in their home directory. They are not allowed to cd to any other location.
> >
> > I'll have a read on chroot.
> >
> > Thanks
> >
> > >>> danielax at gmail.com 5:20:40 pm 4/05/2005 >>>
> > Restrict in what way?
> > If you want to prevent users from modifying[1] any files that are not
> > in their home directory, or reading others files, then you need to set
> > restrictive permissions - for example, the users' home directories
> > should probably have 700 (or rwx------) as their permissions, and
> > permissions elsewhere should be locked down.
> >
> > If you want to prevent users from even seeing anything else: if you
> > want them to think that they are at ther root of the filesystem, you
> > might want to look into chroot. Unfortunatly, this can get
> > complicated, as they then need, for example, their own shell if they
> > are going to log in interactively.
> >
> > If I've misunderstood you, please let me know.
> >
> > HTH,
> > Daniel
> >
> > [1] Users still need to be able to access /usr, for example, as they
> > need shells/programs/etc.
> >
> > On 5/4/05, Jon Miller <jlmiller at mmtnetworks.com.au> wrote:
> > > Like to know how to restrict a users access to just the directory they are
> > > assigned to. This is on a Debian server.
> > >
> > >
> > > Thanks
> > >
> > > _______________________________________________
> > > PLUG discussion list: plug at plug.org.au
> > > http://www.plug.org.au/mailman/listinfo/plug
> > > Committee e-mail: committee at plug.linux.org.au
> > >
> >
> > --
> > Neuronstorm: neuronstorm.sourceforge.net
> > The Neuronstorm Blog: leinad-golb.blogspot.com
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://www.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.linux.org.au
> >
> >
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://www.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.linux.org.au
> >
> >
> >
> >
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
>
>
>
--
Neuronstorm: neuronstorm.sourceforge.net
The Neuronstorm Blog: leinad-golb.blogspot.com
More information about the plug
mailing list