0

How do I make a user account using useradd and give the user access to only the dir where he can just read and write files? When the user logs in, he goes to this base dir I provide and cannot access anything else on the system. Thanks

2 Answers

2

A typical user already behaves almost in this fashion -- that is, if you create a user with useradd, that user will only be able to write files in their home directory (and in a few other locations such as /tmp and /var/tmp).

You can't meaningfully prevent them from having read access in a number of places -- for example, the user needs read access to files and directories like /usr/bin. You can substantially limit what is visible to the user by having them run in a chroot environment, but this can be tricky to set up.

You're much better off ensuring that data that shouldn't be visible to arbitrary users is protected by the appropriate permissions.

larsks
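
An added example, not part of larsks' answer: a POSIX shell audit of the "other" permission bits, which are what decides whether an ordinary account created with useradd can read or write a file it does not own. It inspects mode bits only (POSIX ACLs are not examined); the function names and the `/srv/data` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): audit the "other" permission bits,
# which apply to an unprivileged account on files it neither owns nor
# shares a group with.

# Entries under $1 that any local account can read (o+r). Symlinks are
# skipped because their own mode bits are not used for access checks.
world_readable() {
    find "$1" ! -type l -perm -0004 -print | sort
}

# Entries under $1 that any local account can modify (o+w).
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# World-writable directories lacking the sticky bit: any user can delete or
# replace other users' files there. /tmp and /var/tmp normally carry it (1777).
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Remove all "other" access from a tree holding data that arbitrary users
# should not see; owner and group bits are left untouched.
lock_down() {
    chmod -R o-rwx "$1"
}

# Print a report for one tree.
audit() {
    echo "== world-readable under $1"
    world_readable "$1"
    echo "== world-writable under $1"
    world_writable "$1"
    echo "== world-writable directories without sticky bit under $1"
    unsafe_shared_dirs "$1"
}

# Usage: sh audit.sh /srv/data   (the path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Run `audit` on a tree first and apply `lock_down` only to directories whose group membership already covers everyone who legitimately needs access.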
0

Rather than setting up a chroot, a simpler solution may be to use a restricted shell (such as rbash). See http://man.he.net/man1/rbash and http://blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash/.

Mark Wagner