1

I want to add a new user on a Debian server, but I need to set it up so that it sees its home directory as the root, for security purposes.

e.g.:

new user: usr
home directory: /home/usr
root directory: /home/usr
and it should not be able to go back to /home

Is there a way to do that using useradd? Or even manually?

WolfyD
  • https://wiki.debian.org/chroot – marekful Jun 09 '15 at 09:16
  • @marekful I tried that, but I didn't really understand what to do. It downloaded a whole Debian system to my /home directory but changed nothing else. If you know how it works, could you please give me a pointer? – WolfyD Jun 09 '15 at 09:56
  • @marekful I also tried the following `chroot --userspec=1001:0 /home/upload` and got the following error: ``chroot: failed to run command `/bin/bash': No such file or directory`` – WolfyD Jun 09 '15 at 10:01

1 Answer

0

No, you cannot do that directly with useradd.

You have to play with chmod. For example, you could revoke the 'read others' right in /home to block directory listing.

Do not revoke the execute right or you won't be able to cd into users' homes.

But if you want to put restrictions on users remotely connecting to your server, you may set up a 'chroot jail' for SSH access, for example.

ld57
  • I tried that, but all I could accomplish is to not list files and directories. The user can still `cd` into say `etc` if he wants. (I changed both `/home` and `/` to 711) – WolfyD Jun 09 '15 at 09:55
  • Yes, but you cannot block the 'cd' right, only the list right, because it could block the access to all subdirectories and you may end up with an unusable system, especially if you try to block /etc. Be very careful... – ld57 Jun 09 '15 at 10:13
  • Thanks, I'll remember that – WolfyD Jun 09 '15 at 10:14
  • Do you need to restrict users connecting remotely to your server? – ld57 Jun 09 '15 at 10:28
  • I got the task of creating a user on a virtual server that can ftp into a specific directory (i.e: `/home/upload` <- on localhost) but could not reach `/home` from there – WolfyD Jun 09 '15 at 10:34
  • So you have to properly configure your FTP server. For example, for vsftpd, you have to add the option: `chroot_local_user=Yes` – ld57 Jun 09 '15 at 10:38
  • I read through the `vsftpd.conf` and this should work, yet it doesn't seem to change anything. I can still just as easily exit the directory – WolfyD Jun 09 '15 at 10:45
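
Added example (not part of the original thread and not vsftpd's own code): a shell check that reads a `vsftpd.conf` and reports whether a given local user would be jailed. It goes beyond the `chroot_local_user` option mentioned above by also handling `chroot_list_enable` and `chroot_list_file`, which per vsftpd.conf(5) invert the result for listed users. The helper names `conf_get`, `is_yes` and `chroot_state` are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report whether vsftpd would chroot a given local user, from
# chroot_local_user, chroot_list_enable and chroot_list_file in vsftpd.conf.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
# vsftpd does not allow spaces around '=', so only "KEY=" at line start counts.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# is_yes VALUE: YES, TRUE or 1 in any case is treated as true (assumption).
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# chroot_state CONF USER: prints "chrooted" or "not-chrooted".
chroot_state() {
    conf=$1 user=$2
    all=$(conf_get "$conf" chroot_local_user NO)
    use_list=$(conf_get "$conf" chroot_list_enable NO)
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if is_yes "$use_list" && [ -r "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    if is_yes "$all"; then
        # Everyone is jailed; with the list enabled, listed users are exempt.
        [ "$listed" = yes ] && echo not-chrooted || echo chrooted
    else
        # Nobody is jailed by default; with the list enabled, listed users are.
        [ "$listed" = yes ] && echo chrooted || echo not-chrooted
    fi
}

# Constructed sample config (not from the page); prints "chrooted".
demo=$(mktemp)
printf '%s\n' 'local_enable=YES' 'chroot_local_user=YES' > "$demo"
chroot_state "$demo" upload
rm -f "$demo"
```

The check reads the file only; a vsftpd daemon running in standalone mode picks up edits after it is restarted.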