How do I "jail" a user to just their home directory ?

John H. Robinson, IV jhriv at ucsd.edu
Thu Sep 6 11:14:15 PDT 2001


On Thu, Sep 06, 2001 at 11:06:33AM -0700, Howard Griffith wrote:
> 
> Is it possible to set it up so that the user could
> telnet to the Redhat box and log in, but be restricted
> such that they can only stay in their home directory
> and not have access to the rest of the machine ??

i believe that you can do this, but you run into some problems:
they need a complete set of libraries in their home dir, or they need to
have all of their apps, that are in their home directory, statically
compiled.

another way to do it would be to set up a chroot, and run the telnetd
inside that chroot. this way anything that they do is limited inside
that chroot.  however, all users would be within the same chroot.

and no matter what kind of jail you set up, realise that there are ways
out of it (not necessarily easy, but it is possible. going through
bugtraq archives will show you ways out of a chroot jail)

i would strongly recommend that you re-evaluate the need to ``limit''
the user to within their home directory. with judicious use of group
permissions, you can keep people out of areas that they don't need to be
in, and still allow other users/daemons to get done what they need to.

i am sorry that i do not have a cookie-cutter solution, though.

-john
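The group-permission approach recommended in the reply above, as an added sketch that is not part of the original post: lock a directory to its owner and one group, then audit a tree for anything an outside account can still reach. The function names, directory names and scratch tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: function names and the scratch tree are hypothetical.

# lock_to_group DIR [GROUP]
# Owner rwx, group r-x, other nothing; setgid makes new files inherit the
# directory's group. GROUP is optional so this runs unprivileged on a scratch tree.
lock_to_group() {
    if [ -n "${2:-}" ]; then
        chgrp "$2" "$1" || return 1
    fi
    chmod 2750 "$1"
}

# audit_other_access ROOT
# Print each path under ROOT that still grants r, w or x to "other".
# A directory without other-execute cannot be traversed by outsiders, so it
# is pruned: its contents are unreachable whatever their own mode bits say.
audit_other_access() {
    find "$1" \( ! -type d -o -perm -001 -o -prune \) \
        ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# is_group_only DIR: succeed when nothing reachable under DIR is open to "other".
is_group_only() {
    [ -z "$(audit_other_access "$1")" ]
}

# Constructed scratch tree: one shared area, one area to be locked down.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/projects" "$root/public"
    : > "$root/projects/plan.txt"
    : > "$root/public/readme.txt"
    chmod 755 "$root" "$root/projects" "$root/public"
    chmod 644 "$root/projects/plan.txt" "$root/public/readme.txt"
    echo "before:"; audit_other_access "$root"
    lock_to_group "$root/projects"
    echo "after:";  audit_other_access "$root"
    rm -rf "$root"
}
demo
```

Run against a real tree, `audit_other_access /home` lists what an account outside the owning user and group can still read, write or enter.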


