How to create a user, who can access only his home directory
How to create a user who can access only his home directory?
The user should not see any other directories. I used the following process:
# adduser user1
And then in the /etc/passwd file I changed the bash shell to /bin/rbash. Then he is not able to cd, but he can view the contents of files by path, for example:
# vim /etc/passwd
I want the user to not be able to view any other files or directories except his own.
Thanks,
Suresh
Privileges are assigned to files and directories, and are given in 3 categories: owner, group, and others. By default, any new user is set up as the owner of everything in their ~ (/home/<username>) directory, and--also by default-- users will not be able to see the files of any other user.
System configuration files are normally set up as "read only" for ordinary users, and executable files as read and execute. Do you have an example of why you would need a new user to have privileges different from the defaults?
Maybe you are looking for a chroot jail?
Look --for example-- in /etc. Here are two typical permission setups:
    -rw-r--r-- 1 root root 5649 Apr 14 13:33 rc_maps.cfg
    -rwxr-xr-x 1 root root 684 Jul 3 22:37 rc.multi
As a normal user (not a member of the "root" group) I fall into the "other" category--thus I can read both files, and I can execute one of them.
Then look at the user directories in /home. You will see that only the owner of the files has any privileges at all.
Go here: http://www.tldp.org/LDP/intro-linux/html/ and look at Section 3.4.
suresh.k - What you're asking for is not possible. The user MUST have access to many of the files outside their home directory, such as /bin/bash, /etc/passwd, etc. Without access to these files, they will not be able to log in or run any commands at all. For example, when you run "mv", you're actually executing a program called mv, which lives in /bin/. If the user doesn't have access to /bin, they can't run mv.
A chroot jail is a way of setting up a new "filesystem" for the user, which contains only the files and directories that the user needs access to. You place this new "filesystem" somewhere on the real filesystem, such as /usr/local/chroot. Inside /usr/local/chroot, you'll have all of the regular bin, etc, home directories. When the user logs in, they are placed in their own home directory in this new "filesystem", and are only able to see the files around them. So what they think is /, or /etc, are actually /usr/local/chroot and /usr/local/chroot/etc.
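The chroot tree described in the reply above, sketched as an added example that is not part of the original thread. The helper names build_jail and copy_into_jail are hypothetical; /usr/local/chroot and user1 are the values mentioned in the thread.

```shell
#!/bin/sh
# Populate a chroot tree with selected programs plus the shared libraries
# they load. build_jail and copy_into_jail are hypothetical helper names.

# Copy one file into the jail under the same absolute path
# (/bin/ls -> $jail/bin/ls); -L stores the real file instead of a symlink.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp -L "$src" "$jail$src"
}

# build_jail JAIL_ROOT USER PROGRAM...
build_jail() {
    jail=$1 user=$2
    shift 2
    mkdir -p "$jail/etc" "$jail/home/$user"
    for prog in "$@"; do
        # Shell builtins such as cd have no program file and cannot be copied.
        bin=$(command -v "$prog") || bin=
        case $bin in
            /*) ;;
            *) echo "no program file for: $prog" >&2; return 1 ;;
        esac
        copy_into_jail "$jail" "$bin"
        # ldd lists the libraries the loader would map; keep absolute paths.
        # Run ldd only on trusted system binaries.
        for lib in $(ldd "$bin" 2>/dev/null | grep -o '/[^ ]*'); do
            if [ -e "$lib" ]; then copy_into_jail "$jail" "$lib"; fi
        done
    done
    # Only this user's passwd line goes into the jail, so name lookups work
    # without exposing the real /etc/passwd (file is empty if user is absent).
    grep "^$user:" /etc/passwd > "$jail/etc/passwd" || true
}

# Typical use, as root (path and user name taken from the thread):
#   build_jail /usr/local/chroot user1 bash ls mv
#   chown user1 /usr/local/chroot/home/user1
#   chroot /usr/local/chroot "$(command -v bash)"
```

Building the tree does not confine anyone by itself; something running as root at login has to perform the chroot, for example OpenSSH's ChrootDirectory setting in sshd_config.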
The restricted shell you are trying to run (rsh) is actually supposed to prevent the user from using cd. But then you have to copy the essential commands and programs that the user is supposed to be able to run into the user home directory. If you don't, you'll have a useless user account.
Oh sorry. I read that as 'not being able to cd' is the problem. Use a chroot then. The user will still be able to read any files inside the chroot.
Thanks for your suggestions