[wellylug] Re :Sam permission on /
Sam Cannell
sam at plaz.net.nz
Mon Apr 5 16:25:11 NZST 2004
Do you want the users to be able to get a shell on the machine at all?
If you don't let them read anything outside their home directory, then they're not going to be able to do a lot. The fact that commands like ls, cat and cp all live in /bin/ is irrelevant because bash is also under /bin/ so they won't even be able to start that.
If you want to stop them logging in to the machine itself, the easiest thing to do is to change their shell to /bin/false:
sh-2.05b# chsh joeuser
Changing the login shell for joeuser
Enter the new value, or press return for the default
Login Shell []: /bin/false
sh-2.05b#
This will stop them logging in and getting a shell on the machine, but will not adversely affect any other processes requiring access to the filesystem.
-----Original Message-----
From: wellylug-admin at lists.naos.co.nz [mailto:wellylug-admin at lists.naos.co.nz] On Behalf Of E.Chalaron
Sent: Monday, 5 April 2004 4:01 p.m.
To: wellylug at lists.naos.co.nz
Subject: [wellylug] Re :Sam permission on /
I do not anything else than joe writing or reading a couple of files access
to /home/joe (no mail, no web, no nothing....). I am not sure if it really
matters in that particular case. If it does, I'll be happy to know.
Thanks a lot
Edouard
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.648 / Virus Database: 415 - Release Date: 31/03/2004
More information about the wellylug
mailing list