I would like to give read-only access to a user, but I want him/her to see only the exact folders I give access to. For example, he/she shouldn't travel around the whole server and browse all users' folders etc. Even if he/she only goes up, up, up, I want him/her to go to only these specific folders I allow. So firstly, how can I let a specific user have access to a specific folder, and then would putting symbolic links to his/her home folder help? So they can go directly to the necessary folders but not up or down?
- possible duplicate of chroot "jail" - what is it and how do I use it? – Creek, Jun 20, 2014 at 11:38
- @Creek No, that's relevant background but it doesn't explain how to set this up. – Gilles 'SO- stop being evil', Jun 20, 2014 at 23:27
- @Gilles you're right, this looks more relevant: Chroot environment for SSH using Debian – Creek, Jun 21, 2014 at 0:17
2 Answers
You should set necessary directory permissions. For directories they are:
- read: permitted to view files and sub-directories in that directory
- write: permitted to create files and sub-directories in that directory
- execute: permitted to enter into a directory.
For files the situation is similar, it's quite obvious, so you can handle it on your own.
Numerically, these permissions are:
- read - 4
- write - 2
- execute - 1
To edit permissions use chmod. Usage: chmod xyz <file or directory>
- x - the sum of owner permissions
- y - the sum of owner group permissions
- z - the sum of the permissions of the rest of the users/groups
Example:
    $ chmod -R 664 /home/jack/

jack and jack's group will have read+write access to /home/jack and all its sub-directories. The rest will have only read access. The -R option is used here to set permissions recursively.
Other example:
    $ chmod 700 /home/jack/video/

will give jack full access to the /home/jack/video directory. See also: chown, chgrp for changing owner and owning group.
- While this is marginally relevant background, the question isn't about the details of directory permissions, it's about setting up a restricted environment. – Gilles 'SO- stop being evil', Jun 20, 2014 at 23:28
- There's no need for chroot here, I assume, the problem can be easily solved by setting necessary permissions. – miloserdow, Jun 21, 2014 at 18:10
I also don't find it necessary to set up chroots. To prevent going up to parent directories, assign a strict permission.

    $ mkdir --parent 1/2/3
    $ ls 1
    2
    $ chmod 100 1
    $ ls 1
    ls: cannot open directory 1: Permission denied
    $ ls 1/2
    3

If we want to grant a user access to /home/1 but confine the user so as not to see what other materials are in /home, we make /home owned by root and have permission 111. Thus the user never knows if /home/2 ever exists.
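
The read/execute distinction on directories that both answers rely on can be audited from the mode bits alone. The script below is an added example, not code from either answer: it reports what the "other" permission class may do in each directory from a target up to a stop directory, on a constructed temporary tree that mirrors the second answer's /home at 111. The function names (other_rights, audit_path, make_demo_tree) are hypothetical, and GNU stat (`stat -c %a`) is assumed.

```shell
#!/bin/sh
# Added example (not from the answers): report what users in the "other"
# permission class may do in each directory between TARGET and STOP.
# Only mode bits are read (GNU stat -c %a), so the output is the same under
# root, which would otherwise bypass the permission checks being illustrated.

# other_rights MODE: classify the last octal digit of a mode such as 755 or 111.
other_rights() {
    o=${1#"${1%?}"}                   # last character = "other" digit
    r=$(( $o / 4 ))                   # read bit: list directory entries
    x=$(( $o % 2 ))                   # execute bit: enter / traverse
    case "$r$x" in
        11) echo "list+enter" ;;
        01) echo "enter-only" ;;      # known names reachable, ls is denied
        10) echo "list-only"  ;;      # names visible, nothing below reachable
        *)  echo "none"       ;;
    esac
}

# audit_path TARGET STOP: one "rights path" line per directory, walking upward.
audit_path() {
    p=$1
    while :; do
        echo "$(other_rights "$(stat -c %a "$p")") $p"
        if [ "$p" = "$2" ] || [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
}

# make_demo_tree: constructed layout; home/ stands in for /home at mode 111.
make_demo_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/home/1" "$base/home/2"
    chmod 755 "$base" "$base/home/1"
    chmod 700 "$base/home/2"
    chmod 111 "$base/home"
    echo "$base"
}

base=$(make_demo_tree)
audit_path "$base/home/1" "$base"
chmod 755 "$base/home"; rm -rf "$base"    # restore access before cleanup
```

Running `audit_path` against a real shared folder and the filesystem root shows every ancestor where other users can still list sibling directories.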