Jump to content

Jail a user?

ChrisMartino

By ChrisMartino
in Linux

 Share

Recommended Posts

ChrisMartino Advanced Member

ChrisMartino

Posted
Posted

Hey there, so basically my problem is that I want to have a user but VERY limited privileges, I don't want them to be able to do anything outside of there home directory, like using CD to access files that are outside of there home directory, I've read some things on tutorials about how you can jail them but it requires you to clone /dev etc to the folder that there jailed in but that isn't a option in my situation, could somebody please help me out on this?.

 

Thanks for your time.

Link to comment
https://forums.phpfreaks.com/topic/211378-jail-a-user/
Share on other sites
ChrisMartino Advanced Member

ChrisMartino

Posted
  • Author
Posted

Without creating a jail you'd need to deny the user permissions to the rest of the system manually. What is the actual problem?

 

Well I'm creating a game hosting service (GSP), and I want to run the client's server under a user that jails them to the servers directory so that they can't run system commands etc because you can upload plugins to the server that could cause some massive damage to the machine if they wanted to if i ran it under root, so i need to deny them to anything accept the folder they actually need.

Link to comment
https://forums.phpfreaks.com/topic/211378-jail-a-user/#findComment-1102242
Share on other sites
trq Prolific Member

trq

Posted
Posted

Sorry if this sounds harsh, but if you really need to ask these questions there is no way you should be doing this. It WILL blow up in your face.

 

Anyway, you just need to make sure that all directories are only accessible by there owner. This generally means 700. Some directories however will need to be accessible by certain groups so you might need to use 770.

 

Really, for this sort of thing, creating home directory jails is the best option. If this isn't an option, you'll be up for allot more work and the system will be allot less secure, though people who know what they are doing can usually break out of a jail depending on what tools are available to them.

 

Are the users themselves going to have system accounts?

Link to comment
https://forums.phpfreaks.com/topic/211378-jail-a-user/#findComment-1102622
Share on other sites
cliffdodger Newbie

cliffdodger

Posted
Posted

Sorry to say this thread almost reads like a who's on first base skit. And Thorpe is pretty much right.

 

Another thing you'll run into if you manually adjust all the permissions is that sadly some gadgets only like to run with the permissions 777 - if you don't know what that means google is your friend, talk to google.  Anyway that means the users will likely be able to see that file and change directory to any directory with 777 permissions.  If there are any of these (often forum file upload directories and the like) be sure they're not web accessible - they reside above the web root or else they could dump a script in here as themselves but run it from the web with the same priveleges as the web user/apache and could start spamming from your server or uploading files to it, many things.  Otherwise....as secure as you make things they could still exploit some buffer overflow in the game server program and attempt to gain root access or access to your servers password files to download them and try to crack them.  More reason to try to jail them.

 

Here's one man's attempt at a jail solution with brief discussion on it's limitations:

http://www.felipecruz.com/blog_restricte-linux-users-to-their-home.php

Link to comment
https://forums.phpfreaks.com/topic/211378-jail-a-user/#findComment-1103745
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.