restrict FreeBSD users to their home directory

joeb joeb at a1poweruser.com
Sun Oct 26 05:19:21 PDT 2008 

On Sun, Oct 26, 2008 at 12:13:17PM +0800, FBSD1 wrote:
> How do it configure FreeBSD to restrict users to their home directory?

You can give the users rbash as their shell. This will restrict them to
their
home directory. But this can be easily broken out of if the user starts
another shell! So you should disable all other shells for normal users.

Otherwise you could put the users in a jail of their own. But they will
still need system files (which they can see) in the jail for it to be
usable.

> I don't want them to be able see any system directories or other users?

User directories are by default both owned by the user and belong to the
user's group. So you can set the umask for every user so that their
files are not accessible to others.

You cannot block read and execute access to a lot of system files
(binaries, libraries, /usr/[local/]share/) without making the system
useless.

What is the problem you're trying to solve? Blocking read access to
system files is almost certainly the wrong solution.

Roland
--
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)



-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Roland Smith
Sent: Sunday, October 26, 2008 4:54 PM
To: FBSD1
Cc: freebsd-questions at FreeBSD. ORG
Subject: Re: restrict FreeBSD users to their home directory

Want to keep all the users from being able to see anything outside of their
home directory using gnome or kde desktop. For a test I vipw a test user
changing their /bin/csh to /usr/local/bin/rbash. I logged on ok to the test
user and started gnome ok. But from the menu system filesystem app I still
could access root and /etc directories. From the command line of the rbash
test user a cd command responded with restricted comment. It seems rbash
restrictions do not also restrict directory access from within gnome.

More information about the freebsd-questions mailing list