
How to set user home directory to user's root?


Michael Wu

Aug 3, 2001, 12:45:43 AM
Dear All,

I am sorry to be asking a low-level question. I want to know how to set a
user's home directory to be his root when the user logs in.

Because we have many outsourcing third parties who will log in from the Internet, my boss
asked me to do that for security!

Thank you very much!

Regards
Michael Wu
kuo...@ms21.hinet.net

Rich Teer

Aug 3, 2001, 1:04:11 AM
On Fri, 3 Aug 2001, Michael Wu wrote:

> Dear All,
>
> I am sorry to be asking a low-level question. I want to know how to set a
> user's home directory to be his root when the user logs in.
>
> Because we have many outsourcing third parties who will log in from the Internet, my boss
> asked me to do that for security!

I'm not sure I follow - Oh! You want users to be chrooted to their
home directory when they log in! I think the chroot man page will
have instructions on how to do this, but you need to make a copy
of /usr/bin and /usr/lib containing what you want to give them
in each person's home directory. A lot of hassle.

I'd get the 3rd party to sign some sort of no damage agreement
instead - or re-evaluate the need for logins in the first place...

--
Rich Teer

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net

Tony Walton

Aug 3, 2001, 4:48:26 AM
Michael Wu wrote:
>
> Dear All,
>
> I am sorry to be asking a low-level question. I want to know how to set a
> user's home directory to be his root when the user logs in.

According to the login(1) manpage:

If the login-shell field in the password file (see
passwd(4)) is empty, then the default command interpreter,
/usr/bin/sh, is used. If this field is * (asterisk), then
the named directory becomes the root directory. At that
point, login is re-executed at the new level, which must
have its own root structure.


I have never tried this, but perhaps someone out there has and can give
some pointers?


--
Tony

Ryan MacDonald

Aug 3, 2001, 11:06:46 AM
I use this all the time with FTP (at least on Linux, haven't tried it
under Solaris). It just uses the "chroot" command. It does not require
you to put the shell in password any different than normal, but rather
just specify where that user's "/" will be. Here is an example out of my
passwd file:

<username>:x:503:500:<description>:/var/ftp/.users/./<username>:/bin/false
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The only thing to do is add a "." inside of the line. What you now have
is a field that is cut into two parts. The first section being where
the user's root directory will be, the second being the user's home
directory. You may want something like this:

buser:x:503:500:Bob User:/homeroot/./buser:/homeroot/buser/bin/ksh


NOW there are things to remember about this. First off as I said
before, beats me if this will work under Solaris. I would assume it
would, but have never tried. Do a man on "chroot" and you will probably
figure it out.

Second, you will notice that you need to provide a complete set of
binaries for the user to use. Since it now has absolutely no access to
/usr/bin, /bin, or anything beyond /homeroot for that matter, you will
have to make copies of everything. Even things such as "ls", "cp" and "rm"
will all be unavailable to the user account. Since I use it for FTP
it's not a big deal, but average use would be quite annoying. For this
reason I would suggest making a "bin" directory under each user's home
directory. Make sure you include everything that you think this user
will need.

Good Luck,
Ryan
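
The two passwd conventions described in the posts above (the "*" shell field from the login(1) man page and the "/./" split in the home field) can be audited with a short script. This is an added example, not code from any poster; the sample accounts, the function names and the REQUIRED tool list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All passwd lines below are constructed.

# Print "KIND ROOT HOME" for one passwd(4) line:
#   login-star  shell field is "*": login(1) makes the home directory the root
#   ftp-split   home field contains "/./": the part before it is the root,
#               the part after it is the home directory inside that root
#   none        ordinary account, the entry implies no chroot
chroot_info() {
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    if [ "$shell" = "*" ]; then
        echo "login-star $home /"
        return 0
    fi
    case $home in
        */./*) echo "ftp-split ${home%%/./*} /${home#*/./}" ;;
        *)     echo "none - $home" ;;
    esac
}

# REQUIRED is an assumed minimum tool set; adjust it per account.
REQUIRED="bin/ls bin/cp bin/rm"

# Print the REQUIRED paths that are not present and executable under root $1.
jail_missing() {
    missing=""
    for p in $REQUIRED; do
        [ -x "$1/$p" ] || missing="$missing $p"
    done
    echo "${missing# }"
}

# Report every chroot-style entry in passwd-format file $1 and its gaps.
audit_passwd() {
    while IFS= read -r line; do
        info=$(chroot_info "$line")
        kind=${info%% *}
        [ "$kind" = "none" ] && continue
        rest=${info#* }
        root=${rest%% *}
        echo "${line%%:*}: $kind root=$root missing=[$(jail_missing "$root")]"
    done < "$1"
}

# Demo on two constructed entries.
chroot_info 'buser:x:503:500:Bob User:/homeroot/./buser:/bin/false'
chroot_info 'cuser:x:504:500:Carol User:/export/jail/cuser:*'
```

Run audit_passwd against a copy of the passwd file to see which jailed accounts lack the tools they are expected to have inside their new root.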

no one

Aug 3, 2001, 4:33:32 PM
"Michael Wu" <mich...@payez.com.tw> wrote in
<9kda9o$23i$1...@news.is.net.tw>:

>Dear All,
>
>I am sorry to be asking a low-level question. I want to know how to set a
>user's home directory to be his root when the user logs in.
>
>Because we have many outsourcing third parties who will log in from the Internet, my boss
>asked me to do that for security!

Me thinks that your firm needs to reevaluate how they handle outsourced
work and come up with a workable security policy...

hacking the machines like you've suggested is NOT a viable solution.

signed,
an out of work computer guru, betrayed by his government.
KICK ALL H1Bs OUT OF THE USA!!!



Ken Arnold

Aug 6, 2001, 10:36:57 AM
Another possibility to explore is using one of the restricted shells
(e.g. /usr/lib/rsh) as the default shell. This method restricts the
user to their home directory because they cannot use the cd command to
change to another directory. It has the effect of not allowing the
user to change to a subdirectory of the home directory either, which
may be an undesirable side effect.