How to Restrict Linux Users to Their Home Directories

Valic —  June 16, 2010 — 1 Comment

You can use rbash (restricted bash shell).

If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:

* changing directories with cd
* setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
* specifying command names containing /
* specifying a file name containing a / as an argument to the . builtin command
* specifying a filename containing a slash as an argument to the -p option to the hash builtin command
* importing function definitions from the shell environment at startup
* parsing the value of SHELLOPTS from the shell environment at startup
* redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
* using the exec builtin command to replace the shell with another command
* adding or deleting builtin commands with the -f and -d options to the enable builtin command
* using the enable builtin command to enable disabled shell builtins
* specifying the -p option to the command builtin command
* turning off restricted mode with set +r or set +o restricted.

How to restrict a user?

pico /etc/passwd

Then find the entry for the user you want to restrict and replace that user's login shell, /bin/sh, with /bin/rbash.
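
To check what a restricted shell actually enforces, the following added example (not part of the original post) builds a throwaway allowed-commands directory of symlinks, like the SLES one quoted in the comment below, and runs `bash -r` against it. The `$WORK` and `$RBIN` paths and the choice of `ls` and `date` are assumptions made for the demo; a real account would additionally need its PATH pointed at such a directory.

```shell
#!/bin/sh
# Added example: exercise a restricted bash against a locked-down PATH.
# Everything lives in a temporary directory; /etc/passwd is not touched.

BASH_BIN=$(command -v bash)   # assumption: bash is installed
WORK=$(mktemp -d)             # constructed sandbox for the demo
RBIN="$WORK/rbin"             # hypothetical allowed-commands directory
mkdir -p "$WORK/home"         # stands in for the user's home directory

# Fill DIR with symlinks to the only external commands the user may run.
make_restricted_bin() (
    dir=$1; shift
    mkdir -p "$dir"
    for cmd in "$@"; do
        target=$(command -v "$cmd") || exit 1
        ln -sf "$target" "$dir/$cmd"
    done
)

# Run one command line in "bash -r" with a clean environment, PATH=$RBIN
# and the fake home as working directory. Returns the shell's exit status.
run_restricted() (
    cd "$WORK/home" || exit 1
    env -i PATH="$RBIN" HOME="$WORK/home" "$BASH_BIN" -r -c "$1" >/dev/null 2>&1
)

# Print "allowed" if the line succeeded, "blocked" if rbash refused it
# or the command was not found in $RBIN.
verdict() {
    if run_restricted "$1"; then echo allowed; else echo blocked; fi
}

audit() {
    for line in 'ls' 'date' 'cd /' '/bin/ls' 'echo x > out' \
                'PATH=/bin:/usr/bin' 'id' 'ls /'; do
        printf '%-20s %s\n' "$line" "$(verdict "$line")"
    done
}

make_restricted_bin "$RBIN" ls date
audit
# Note the last line: "ls /" is allowed. rbash stops cd and command names
# containing /, but arguments can still name paths outside the home
# directory, so file permissions have to protect those.
```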


Editor in Chief at Debian-Tutorials, Linux enthusiast.

One response to How to Restrict Linux Users to Their Home Directories

  1. As helpful as typing: man rbash

    What you omitted is where one specifies the allowed commands. On SLES this is in: /usr/lib/restricted/bin
    srv1:/usr/lib/restricted/bin # ls -l
    total 0
    lrwxrwxrwx 1 root root 13 Oct 29 2008 hostname -> /bin/hostname
    lrwxrwxrwx 1 root root 13 Oct 19 13:30 less -> /usr/bin/less
    lrwxrwxrwx 1 root root 7 Oct 19 13:28 ls -> /bin/ls
    lrwxrwxrwx 1 root root 9 Oct 19 13:29 more -> /bin/more
    lrwxrwxrwx 1 root root 13 Oct 19 13:29 vi -> /usr/bin/view

    What we really want to know is where this is on Debian. If not, then we should have read the man page for rbash.
