SUPPORT THE SITE WITH A CLICK

Subscribe Rss:

SUPPORT THE SITE WITH A CLICK

Tuesday, December 18, 2007

How to restrict users in linux not entering into the filesystem

In linux operating systems everey user can able to view the files in terminal with read access,but they cant able to write the file.But if you want to make other users not read your home and file system then we have to configure the user account with Restricted Shell

Restricted Shell



The next degree of limitation is to be a restricted shell. In this case, a version of a normal bash shell will prevent users from changing the directory and environment variables, redirecting output, running commands with absolute pathnames, using exec command and some other actions. Restrictions are not enforced for shell scripts. See man bash for more details. Combining rbash with a restrictive configuration of UNIX permissions can help achieve further security.

Rbash is a viable choice if you are trying to somewhat contain trusted users. Its restrictions can be easily overcome (see below).

To test rbash restricted shell functionality:


# adduser nst

# ln -s /bin/bash /bin/rbash

# echo "/bin/rbash" >> /etc/shells

# chsh -s /bin/rbash nst

# cd ~nst

# su nst

$

and then:
$ cd /
rbash: cd: restricted


Note:This has been tested in Ubunut and Redhat linux machines.