Allowing an user to only access a folder (SSH)
Posted: 03 Sep 2011, 16:51
by romtoc
Hello,
I need to create a user on my B3 box and I want to restrict his access to only one folder.
Can this be done? If yes, how?
Re: Allowing an user to only access a folder (SSH)
Posted: 03 Sep 2011, 20:28
by Cheeseboy
Hi romtoc,
What do you mean by "access"?
You can control Read, Write, and Execute permissions...
Re: Allowing an user to only access a folder (SSH)
Posted: 04 Sep 2011, 04:13
by romtoc
Hello Cheeseboy,
Thanks for your reply.
By "access", I meant the user can only read/write and execute files in a directory.
Re: Allowing an user to only access a folder (SSH)
Posted: 04 Sep 2011, 05:22
by Gordon
Probably your best bet would be to create a wrapper script and assign that to be the user's shell. Something like...
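Code:
#!/bin/bash
# Restricted login shell: only run commands listed, one per line, in the allow-list.
while read -r command params; do
    # grep: -q quiet, -x whole-line match, -F literal string (no regex from user input)
    if [ -n "$command" ] && grep -qxF -- "$command" /some_location/allowed_commands.lst; then
        # No eval: parameters are split into words but never re-parsed as shell syntax
        read -ra args <<< "$params"
        "$command" "${args[@]}"
    fi
done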
Re: Allowing an user to only access a folder (SSH)
Posted: 04 Sep 2011, 07:01
by Ubi
Indeed, you cannot fully restrict SSH read/write to a certain folder without restricting the possible command list this user can execute.
I suppose what might work is setting a low quota on the root dir for this user to prevent writing, but it's a dirty trick and he'll probably experience crashes from commands that want to write some temp stuff.
A more sophisticated method is presented here:
http://www.jmcresearch.com/projects/jail/
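Added example (not part of the thread or any poster's code): a POSIX sh wrapper that combines the two points above, an allow-list of commands plus a check that every argument resolves inside one folder. `JAIL`, `ALLOWED`, `check_line` and `run_line` are hypothetical names, and `realpath -m` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not code from the thread. JAIL and ALLOWED are assumed values.
JAIL=${JAIL:-/home/guest/share}        # hypothetical folder the user is confined to
ALLOWED=${ALLOWED:-"ls cat cp mv rm"}  # hypothetical allow-list, space separated

# check_line LINE
# exit status: 0 = may run, 1 = command not on the list, 2 = argument rejected
check_line() (
    set -f                 # no glob expansion while splitting
    set -- $1              # split on whitespace only; the line is never eval'd
    [ $# -gt 0 ] || exit 1
    cmd=$1; shift
    case " $ALLOWED " in
        *" $cmd "*) ;;
        *) exit 1 ;;
    esac
    jail=$(realpath -m -- "$JAIL") || exit 2
    for arg in "$@"; do
        case $arg in
            -*[!A-Za-z]*) exit 2 ;;   # e.g. --opt=/path could smuggle a path
            -?*) continue ;;          # plain short flags such as -la
        esac
        case $arg in
            /*) real=$(realpath -m -- "$arg") || exit 2 ;;
            *)  real=$(realpath -m -- "$jail/$arg") || exit 2 ;;
        esac
        case $real in
            "$jail"|"$jail"/*) ;;     # resolves inside the folder
            *) exit 2 ;;              # .., absolute paths, symlinks pointing out
        esac
    done
    exit 0
)

# run_line LINE: execute LINE inside JAIL only if check_line accepts it
run_line() (
    check_line "$1" || exit
    set -f; set -- $1
    cd "$JAIL" && "$@"
)

# As a login shell the wrapper would loop:
#   while IFS= read -r line; do run_line "$line"; done
```

Allow-listed programs can still open files on their own (pagers, editors, interpreters), and a path can change between the check and the run, so this narrows the problem Ubi describes rather than replacing a chroot jail.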
Re: Allowing an user to only access a folder (SSH)
Posted: 06 Sep 2011, 07:18
by romtoc
Ok, thanks for your help.
I found a simple method... a web file-manager...
Re: Allowing an user to only access a folder (SSH)
Posted: 06 Sep 2011, 07:43
by RandomUsername
romtoc wrote:
> Ok, thanks for your help.
> I found a simple method... a web file-manager...
But the Bubba already has one! :S
Re: Allowing an user to only access a folder (SSH)
Posted: 11 Sep 2011, 12:18
by romtoc
I used a more advanced one where I can change the permissions.