I want to limit the directories that a user can
access. When this users logs in, I do not want
them to cd to any directory but those in their
$HOME. In other words:
login:
pwd:
/home/user
cd / -- user tries to cd to root directory.
pwd
/home/user -- user is still in home directory
but can cd to subdirectories in their $HOME
cd /home/user/dir1
pwd
/home/user/dir1
Any help would be greatly appreciated.
Oscarr.
I don't know the answer...but I do know that this can be set up for ftp accounts, maybe the same logic can be applied locally? Anyone know how this is set up with ftp?
It can get very complicated and messy very quickly, but it can be done with chroot. I believe it has been laid out a few time in these forums before - try searching for "chroot" or "chroot user"...
you can change the permissions of the directories /root and whatever directories you want to by the command chmod. but if you do not allow the user to access /lib and /usr directories, then it could be problematic as they contain the most common libraries and commands to be used by most common program. say if he is doing C programming, then removing the permissions of /lib directory will stop him from doing any kind of programmig.
Changing the permissions on system directories, (especially /) will screw up your system very fast.
Many unix commands depend on system directories being accessable. Unix is not intended to have system directories locked away from users.
The only time that I have done this was to establish a super limited account for communications engineers to use to prove that our system was accessable. They could log in and run the echo command. And they could ise "exit" to log off. And that was it. If you want an account that tight, you can use chroot. But it won't be able to do much else.
Also, whenever people want something like this, they seem to focus on the cd command.
Doing something like:
cd /etc
cat passwd
is not very much different from:
cat /etc/passwd