user1159517

Reputation: 6350

Restricting linux user to a folder

I need to create a separate folder for a user where he is allowed to execute only one binary. He can call python/perl and run a program also. But the user should not be able to delete any folder in his directory and should not be able to view any other directory. How can I achieve this?

Upvotes: 0

Views: 2303

Answers (3)

Mariappan Subramanian

Reputation: 10073

CHMOD does the job

  chmod 755 directory/filename

- 7: the user (**owner**) has full access.
- 5 allows **group** users "read" and "execute" permissions, but not "write" permissions.
- 5 allows **others** "read" and "execute" permissions, but not "write" permissions.

For your reference:

The 5 allows "read" and "execute" permissions, but not "write" permissions. A 6 would allow read and write permissions, but not "execute". A 4 would be "read" only. A 2 would be "write" only, and a 1 would be "execute" only.

Further reference: link

Upvotes: 0

You could also consider configuring and using a restricted shell like e.g. a restricted bash.

However, notice that if you enable the user to run a scripting language like Python he will be able to circumvent these restrictions (using some clever scripts). So a chroot is probably preferable.

You could define a separate group for that user to restrain him from doing a lot more. See also the nobody username, SELinux, etc.

Upvotes: 0

Oliver Matthews

Reputation: 7853

If they are accessing only over ssh, then a ChrootDirectory is the way to go. Simply put, you create a fake / system in another directory, with all the programs the user is allowed to run & the libraries they need.

See the ChrootDirectory section of the sshd_config man page, or somewhere like here for a fuller guide if needed.

Upvotes: 2
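The ChrootDirectory approach from the answer above, as an added example that is not part of the original answers: a shell script that copies each allowed binary and the shared libraries it needs into the jail, then prints a matching sshd_config block. The jail path, user name and binary list in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: populate a chroot jail for sshd's ChrootDirectory.
# Binaries must be given as absolute paths; all names below are placeholders.

# Print the absolute paths of the shared libraries a binary needs.
# ldd may run the program's loader, so use it only on trusted system binaries.
list_libs() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | sort -u
}

# Copy one binary and its libraries into the jail at the same paths.
add_binary() {
    jail=$1; bin=$2
    for f in "$bin" $(list_libs "$bin"); do
        mkdir -p "$jail$(dirname "$f")"
        cp -L "$f" "$jail$f"
    done
}

# build_jail JAIL BINARY...: create the jail and install each allowed binary.
build_jail() {
    jail=$1; shift
    mkdir -p "$jail"
    for b in "$@"; do add_binary "$jail" "$b"; done
    # sshd refuses the chroot unless every path component is root-owned
    # and not writable by group/others; this also stops the user deleting it.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R root:root "$jail"
        chmod -R go-w "$jail"
    fi
}

# Emit the sshd_config block that confines USER to JAIL.
sshd_match_block() {
    printf 'Match User %s\n' "$1"
    printf '    ChrootDirectory %s\n' "$2"
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
}

# Usage as root: sh jail.sh /srv/jail/alice alice /bin/sh /usr/bin/python3
if [ "$#" -ge 3 ]; then
    jail=$1; user=$2; shift 2
    build_jail "$jail" "$@" && sshd_match_block "$user" "$jail"
fi
```

An interactive session inside the jail also needs basic /dev nodes (null, zero, tty and so on), which this script does not create; a scripting language placed in the jail can only reach what was copied there.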
