security directories

[mb_chris]

I have a fair bit of experience with linux but i'm having trouble trying to secure a directory.

I want only certain users that are part of a group to be able to access only a certain directory (ie. /temp/secure). I dont want them to be able to move upward in the directory tree structure by executing "cd .." . I want them to to only stay in the secure directory and sub-dirs.

Users will only be able to access the linux machine through sftp. I can set their home directories in /etc/passwd to /temp/secure and when they are authenticated by sftp they will be in /temp/secure. But I dont want them to be able to issue "cd .." to move into temp.

I anyone has any insight on how to do this please let me know.

[Cabhan]

I'm thinking...

Add all of the users into the "secure" group. /Set temp/secure to have the owning group of "secure" (chown :secure /temp/secure). The permissions you're gonna want are:

***rwx*** -- /temp/secure/

Then, for the /temp directory, make sure the owning group is not "secure", and set the other permissions to ******---.

So basically, the secure group can read/write/execute the /temp/secure directory, but can't execute the /temp directory, which should prevent them from moving up at all.

However, in this example, they may be able to cd into other directories (like /etc/, etc.). One possible solution may be putting "chroot /temp/secure" into their ~/.bashrc files, but I dunno that that will work.

For the record, I can't guarantee that my solution will work, but you may wanna give it a shot.