How can I prevent users from accessing the root directory?

permissions users
5,137

Solution 1

If all you want is for the users to be able to sftp files to/from a particular folder, why don't you set them up with an sftp chroot? This will make the folder you designate appear to be the root in their login.

See: http://www.debian-administration.org/articles/590 http://ubuntuforums.org/showthread.php?t=858475

Solution 2

sudo chown o-r /etc

should already give you an error, since chown doesn't know o-r; are you talking about chmod perhaps?

However, you shouldn't fiddle around with permissions of system folders. Programs will stop working, support advice will fail. I can't imagine a reason to forbid people to read /etc.

If you did only that, you should undo it, if you did such things recursively, you can do a reinstallation, which is faster than a manual correction.

A good idea would be to ask such questions before doing it. Davids advice, to use a chroot-environment, is the canonical way to prevent untrusted users to access your directory tree.

Share:
5,137

Related videos on Youtube

aakash
Author by

aakash

Updated on September 18, 2022

Comments

  • aakash
    aakash over 1 year

    While still allowing my account to access the root directory. I've tried adding myself to the root group with $ sudo adduser myaccount root but when I do $ sudo chmod o-r /etc followed by $ cd /etc $ dir it says permission denied.

    Maybe I'm thinking about the wrong solution for my problem. I setup an ssh server with OpenSSH and want to give users the ability to navigate and edit files in a specific folder /home/myaccount/website/deveopment/ without giving them the ability to view or edit anything else.

    To solve that problem, I'm attempting to disable 'other group' read permissions from every folder in root so that only root can access them. That's when I ran into the above problem. Even after adding myself to root, I still can't access directories with 'other group' read permissions disabled.

  • aakash
    aakash almost 13 years
    You're right, I meant chmod. Fortunately, I wasn't using -R so it was easy to change the permissions back. And it does look like chroot is the way to go, judging by the links he posted.
  • aakash
    aakash almost 13 years
    Thanks! That definitely seems like what I want. I'm currently in the process of trying to get it to work, but I'm running into problems. Looks like I need to read the configuration options for OpenSSH more closely.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Allow chown command to www-data user
Can I allow a standard user to execute only certain sets of command in terminal?
Sudo is not asking for password on Ubuntu 16.04
How to add my user account to admin group (13.10 desktop)
How can user mount an encrypted file container in VeraCrypt?
how to change a user home directory to adirectory that already exits?
How to add flags and/or arguments to a command in the 'sudoers' file
Unix permissions - what EXACTLY is the "owner group" (note: singular)?
Ubuntu 18.04 gnome settings: how to fix "System policy prevents changes. Contact your system administrator" on 2nd user which is already an admin
How to access drives that are mounted by other users?