How to restrict a Linux user to read only specific folder
Okay, first off, change that directory structure to:
/home/testserver/vehicles
/home/testserver/images
/home/testserver/dump
Then execute
chown root.root /home/testserver /home/testserver/vehicles /home/testserver/images
chmod 755 /home/testserver
chown testuser.testserver /home/testserver/dump
chmod 775 /home/testserver/dump
Finally, alter the ChrootDirectory directive line in /etc/ssh/sshd_config to
ChrootDirectory /home/testserver
I also recommend that you do a great deal of reading and brushing up on Linux system administration in general, as your question and the things you attempted to do so far indicate "cargo cult" administration -- copy/pasting advanced administration tricks without understanding what they do or how they do it in the hope that they'll do what you want. This can very easily lead to disasters that you'll have no idea how to fix.
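sshd only accepts a ChrootDirectory when every component of the path is a root-owned directory that is not writable by group or others, which is what the chown/chmod steps in the answer above establish; the following script is an added example (not part of the original answer) that checks this for a given path. It assumes GNU stat on Linux, and the function names component_ok and check_chroot_path are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit a path against sshd's ChrootDirectory rule that every
# component is a directory owned by root and not group- or world-writable.
# Assumes GNU stat (Linux). Function names are illustrative.

# component_ok OWNER MODE -> 0 if one path component satisfies the rule
component_ok() {
    [ "$1" = root ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]      # 020 = group write, 002 = other write
}

# check_chroot_path DIR -> 0 if DIR and all its parents pass,
#                          1 if any component fails, 2 if DIR is unusable
check_chroot_path() {
    cc_path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: not an accessible directory"; return 2; }
    cc_rc=0
    while :; do
        cc_owner=$(stat -c %U "$cc_path")   # owner name
        cc_mode=$(stat -c %a "$cc_path")    # octal mode, e.g. 755
        if component_ok "$cc_owner" "$cc_mode"; then
            echo "ok   $cc_path ($cc_owner $cc_mode)"
        else
            echo "FAIL $cc_path ($cc_owner $cc_mode)"
            cc_rc=1
        fi
        [ "$cc_path" = / ] && break
        cc_path=$(dirname "$cc_path")       # walk up towards /
    done
    return "$cc_rc"
}

# Example: sh check_chroot.sh /home/testserver
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

/home/testserver/dump, which the answer leaves group-writable and owned by testuser, fails this check by design, so it can only be a subdirectory of the chroot and never the ChrootDirectory itself. Run as root, `sshd -T -C user=testuser` prints the ChrootDirectory and ForceCommand that sshd would apply to that user, which shows whether the Match block is taking effect.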
Freny Christian
Updated on September 18, 2022
Comments
-
Freny Christian over 1 year
I want to create a user that has access only to the following directories and can't see anything else
/home/vehicles/ #read only
/home/images/ #read only
/home/dump/ #read and write
I used this link https://unix.stackexchange.com/questions/15360/how-to-add-a-ssh-user-who-only-has-permissions-to-access-specific-folder
so I created a user group called testserver
Match Group testserver
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
and the chmod of those folders like the following
chmod -R 755 /home/vehicles/
chmod -R 755 /home/images/
chmod -R 765 /home/dump/
Everything went well except that testuser is still able to access other folders. How do I prevent this user from accessing other folders (i.e. only access those three folders)?
-
Shadur over 12 years
ChrootDirectory only works if the target directory is owned by root -- and unless the home directory of testuser is /home itself that'll just lock them into their home directory.
-
Admin over 12 years
btw when I execute the following command
egrep -i "^testuser" /etc/passwd
its output is
testuser:x:1002:1003:Test User,,,:/home/testuser:/bin/bash
-
Freny Christian over 12 years
Thanks a lot for your answer. But it still can access other files. Is there a way to block this user from accessing anything else except /home/testserver/?
-
Shadur over 12 years
Is /home/testserver/ owned by root.root?
-
Freny Christian over 12 years
yes, but dump folder is owned by testuser
-
Shadur over 12 years
If you set up the ChrootDirectory /home/testserver directive and that directory is owned by root then the internal-sftp force command should keep it properly rooted in /home/testserver and only able to access /dump/, /vehicles/ and /images/
-
Freny Christian over 12 years
Yes, when I logged in, it directed me to /home/testuser, then I changed the directory to the parent folder (cd /home) and suddenly I am able to access any folder according to its permissions, for example these folders:
drwx---r-x 5 root root 4096 Oct 25 08:00 lib_dataDownloader
drwx---r-x 2 root root 4096 Oct 24 07:54 localX
-
Freny Christian over 12 years
or a folder like /home/scripts
drwxrwxrwx 3 root root 4096 Oct 19 03:28 scripts