restrict access of a user to two directories only

Hi all,

I am using RHEL 5.0

I need a user, say test, to have full access to two directories only, say /tmp1 & /tmp2, other than his home directory.

I do not want to change his login shell which is ksh or bash by default.
Moreover, he should not even have read access to other directories.

Please help!!

Thanks in advance,
VIKAS

For the user test to be able to run some utilities he may need read access to some files perhaps in /etc or /lib.

Your best bet is to chroot this user - put the user in a chroot jail and create links in his home directory to /tmp1 & /tmp2. This is what is often done with ftp accounts to lock them into completely known file trees.

Can you please explain a little bit how to put this user in a chroot jail?
Thanks.

This will introduce you to chroot jail

This might be useful as well

Thanks Yogesh,
I am trying it,
will get back to you.

Thanks again.

Hi,
I followed this link exactly: How to Setup a Chroot Jail - Technical Article Wiki

But still, when I logged in as user jdoe, I could easily change directories.

Thanks.

I downloaded a script from the below link
fuschlberger.net - Howto Setup a chroot-jail for ssh/scp with Linux

everything went fine except this,

I am running this script as

I am able to log in as user jdoe BUT I am still able to change directories. Am I doing something wrong? Please help!!

Thanks.

Hi all,
Now I have had some success in achieving the jail.

I have used the above mentioned script fuschlberger.net - Howto Setup a chroot-jail for ssh/scp with Linux and ran it as

Code:

Now, I need to give full access to other two directories to jdoe, say /tmp1 and /tmp2 which at present I cannot access when I login as ssh jdoe@localhost.

Here, I am pasting my variables.

bash-3.1$ set
BASH=/bin/sh
BASH_ARGC=()
BASH_ARGV=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="1" [2]="17" [3]="1" [4]="release" [5]="i686-redhat-linux-gnu")
BASH_VERSION='3.1.17(1)-release'
COLUMNS=157
DIRSTACK=()
EUID=501
GROUPS=()
HISTFILE=/home/jdoe/home/jdoe/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/home/jdoe/home/jdoe
HOSTNAME=RHEL
HOSTTYPE=i686
IFS=$' \t\n'
LD_LIBRARY_PATH=/usr/kerberos/lib
LINES=52
LOGNAME=jdoe
MACHTYPE=i686-redhat-linux-gnu
MAIL=/var/mail/jdoe
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/home/jdoe/home/jdoe/bin
PIPESTATUS=([0]="0")
PPID=18143
PS1='\s-\v\$ '
PS2='> '
PS4='+ '
PWD=/home/jdoe/home/jdoe
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
SSH_CLIENT='127.0.0.1 43358 22'
SSH_CONNECTION='127.0.0.1 43358 127.0.0.1 22'
SSH_TTY=/dev/pts/0
TERM=xterm
UID=501
USER=jdoe
_=set
-bash-3.1$

How can I modify the script (or use some other way) to achieve this?

Please help.

Thanks.

Like Jim suggested, add hard links to those directories to the root of the user's chroot jail.

Or do it the other way round, move them into the chroot jail and give other users access to those directories as necessary.
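
The second option above (moving the directories into the jail), as an added shell example that is not part of the thread; it is used here because Linux does not permit hard links to directories and a symlink pointing outside the jail cannot be followed after chroot. The jail path, the directory names and the owner passed to the functions are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All paths and the owner are assumptions.

# Print the physical path of a directory, with every symlink resolved.
physical_path() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# inside_jail JAIL DIR
# Succeeds only if DIR physically lives under JAIL, i.e. it is still
# reachable once the process root has been changed to JAIL.
inside_jail() {
    j_real=$(physical_path "$1") || return 1
    d_real=$(physical_path "$2") || return 1
    case "$d_real/" in
        "$j_real"/*) return 0 ;;
        *)           return 1 ;;
    esac
}

# move_into_jail JAIL DIR OWNER
# Moves DIR to JAIL/<basename of DIR>, gives it to OWNER, and leaves a
# symlink at the old location so users outside the jail keep their path.
move_into_jail() {
    jail=$(physical_path "$1") || { echo "no such jail: $1" >&2; return 1; }
    src=${2%/}
    owner=$3
    dest="$jail/$(basename "$src")"

    # Refuse symlinks and non-directories: only a real tree is relocated.
    if [ -L "$src" ] || [ ! -d "$src" ]; then
        echo "not a real directory: $src" >&2; return 1
    fi
    # Never overwrite something that already exists inside the jail.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "already exists in jail: $dest" >&2; return 1
    fi

    mv "$src" "$dest"         || return 1
    chown -R "$owner" "$dest" || return 1
    ln -s "$dest" "$src"      || return 1
    inside_jail "$jail" "$dest"
}

# Example call (run as root on a real system; /home/jail is an assumed path):
#   move_into_jail /home/jail /tmp1 jdoe && move_into_jail /home/jail /tmp2 jdoe
```

Running `inside_jail` on any other path the jailed user is expected to reach shows beforehand whether it will still resolve after the chroot.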

Thanks to all, you people helped me a lot.

Thanks again.

I also tried this, but I don't understand how to use it. I have downloaded the script and I want to do this with user mike. What command should I follow? I tried everything, but the user can still easily change directories. Please guide me.

Regards,
Bash