Good day! Regarding your concerns, I suggest you first check what group this user belongs to in the first place.

I suggest you create a group with the same name as his username. This usually defaults to a restricted group and user. Then, edit /etc/passwd to define his home directory. I suggest you end the definition of his home directory with a slash (/). Hope this helps.

On 12/24/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Anyone can tell me how to chroot a user so that he is permitted to go around
> only to his account and restricted all other folders?
>
> >Orlando Andico wrote:
> >
> >> but to what point? the users still need access to the other directories
> >> for e.g. their common daily jobs (e.g. starting the most basic of
> >> processes requires reading /etc/ld.so.cache)
> >>
> >
> >Remember, it's the shell doing this restricting. Other processes inside
> >the path can still read these files. *It doesn't do a real chroot.* No
> >restrictions are provided to any processes explicitly, so an admin would
> >also need to be very careful not to provide commands in a user's path
> >that can allow them to circumvent these restrictions.
> >
> >> IOW, you've removed their capability to "cd" to those directories, but
> >> they can STILL access the contents of those directories by giving the
> >> absolute path. so what is gained by inconveniencing them?
> >>
> >
> >According to the bash man page, the following is further prohibited: the
> >specification of any command that contains a slash. They can't access
> >the contents of those directories unless a command they have in their
> >path explicitly uses them. The shell will prevent them from doing, say
> >cat /etc/passwd because the command line contains slashes, but it would
> >not prevent a program that read some file in /etc as part of its
> >operation, as what programs do on their own are outside the shell's
> >control.
> >
> >--
> >While there is a lower class, I am in it, while there is a criminal
> >element, I am of it, and while there is a soul in prison, I am not free.
> >http://stormwyrm.blogspot.com/
> >_________________________________________________
> >Philippine Linux Users' Group (PLUG) Mailing List
> >[email protected] (#PLUG @ irc.free.net.ph)
> >Read the Guidelines: http://linux.org.ph/lists
> >Searchable Archives: http://archives.free.net.ph
>
> Regards,
> Iris Lames
> Brainbench Transcript no: 4387542
> Linux user: 298456

--
Tito Mari Francis H. Escaño
Computer Engineer and Free Software Proponent
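
The quoted caution about which commands sit in a restricted user's path, as an added example that is not part of the original thread: a shell function that audits such a command directory. It assumes the account's PATH is a single directory of symlinks and that the admin supplies the account's numeric UID and the approved program names; `audit_rpath` and `unsafe_perms` are hypothetical names.

```sh
#!/bin/sh
# Added example: audit the command directory of a restricted-shell account.
# Assumed layout (not from the thread): the account's PATH is one directory
# of symlinks, and the admin knows which program names are approved.

# unsafe_perms PATH UID: succeeds if PATH is owned by UID or is writable by
# group/other, i.e. the restricted user could replace or modify it.
unsafe_perms() {
    listing=$(ls -ldnL "$1") || return 0
    case $listing in ?????w*|????????w*) return 0 ;; esac
    [ "$(printf '%s\n' "$listing" | awk '{print $3}')" = "$2" ]
}

# audit_rpath UID DIR ALLOWED_NAME...
# Prints one "REASON path" line per problem; returns 1 if any were found.
audit_rpath() {
    uid=$1 dir=$2; shift 2
    allowed=" $* "
    bad=0
    if unsafe_perms "$dir" "$uid"; then
        echo "WRITABLE-DIR $dir"; bad=1
    fi
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        # Judge each entry by the program it resolves to, not by its name.
        target=$(readlink -f "$entry") || target=
        if [ -z "$target" ] || [ ! -x "$target" ]; then
            echo "BROKEN $entry"; bad=1; continue
        fi
        case $allowed in
            *" $(basename "$target") "*) ;;
            *) echo "NOT-ALLOWED $entry -> $target"; bad=1 ;;
        esac
        if unsafe_perms "$target" "$uid"; then
            echo "WRITABLE-TARGET $entry -> $target"; bad=1
        fi
    done
    return "$bad"
}
```

Called as, for instance, `audit_rpath 1001 /home/guest/bin ls date` (constructed values), it exits non-zero when any entry resolves to an unapproved program or can be modified by that account.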

