  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8

    How to chroot a user

    I want to create a user which would only be allowed to see his home directory, and below, not up.
    Is it possible to do that (maybe with chroot)?

    Thanks.
    Matija

  2. #2
    Just Joined! ironduke
    Join Date
    Sep 2006
    Location
    Brisbane Queensland Australia
    Posts
    89
    Hello Matija,
    Permissions on directories are set by directory, not by user or group as such.
    Go to any directory and enter
    ls -l
    For example:

    Code:
    :/> ls -l
    total 104
    drwxr-xr-x   2 root root  4096 2008-03-08 07:10 bin
    drwxr-xr-x   3 root root  4096 2008-02-22 16:58 boot
    drwxr-xr-x  11 root root  6920 2008-04-19 17:33 dev
    drwxr-xr-x 108 root root 12288 2008-04-19 17:32 etc
    drwxr-xr-x   4 root root  4096 2008-02-19 23:09 home
    drwxr-xr-x  11 root root  4096 2008-03-08 07:10 lib
    drwx------   2 root root 16384 2008-02-19 21:51 lost+found
    drwxr-xr-x   3 root root  4096 2008-04-19 17:32 media
    drwxr-xr-x   3 root root  4096 2008-03-21 08:49 mnt
    drwxr-xr-x   3 root root  4096 2008-02-19 22:02 opt
    dr-xr-xr-x 152 root root     0 2008-04-20 03:27 proc

    There are three incidences of rwx permissions:
    owner, group, other

    Owner is the user that owns the file or directory, group is the owner's group permissions of the file or directory, other is everyone else who can log into the system.
    ANY valid user of the computer can read (r) or execute (x) the directories listed above apart from lost+found, but only the root user can write (w).
    To restrict all users except root from reading the directories above their home you would have to change the permissions of all of the directories on the computer so that "others" had no rw or x permissions. This would severely limit their ability to run most applications on the system. If there are files on the system that you don't want other users to see at all you should make a special user account for them. The standard permissions on a system are usually adequate to protect it from adventurous users.
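
Added example, not part of the original posts: a POSIX shell script that reads `ls -l` output in the format shown in post #2 and reports what the "other" class may do with each entry. The function names and the `tmp` line in the sample are constructed for illustration, and the sticky-bit handling goes beyond what the post covers.

```sh
#!/bin/sh
# Added example (not from the thread): what may "other" do with each entry?

# Map a mode string such as drwxr-xr-x to the access granted to "other".
# For directories: r = list names, x = enter/traverse, w = create/delete.
other_access() {
    o=${1#???????}              # drop file type + owner + group triplets
    o=$(printf '%.3s' "$o")     # keep 3 chars; ignores a trailing + or .
    r=${o%??}; w=${o#?}; w=${w%?}; x=${o#??}
    out=""
    [ "$r" = r ] && out="list"
    [ "$w" = w ] && out="${out:+$out,}write"
    case $x in x|t) out="${out:+$out,}enter" ;; esac    # t = sticky + x
    case $x in t|T) out="${out:+$out,}sticky" ;; esac
    printf '%s\n' "${out:-none}"
}

# Read `ls -l` output on stdin (ISO date and time columns, as in the post)
# and print "<access> <name>" per entry; non-entry lines are skipped.
audit_listing() {
    while read -r mode _links _owner _group _size _date _time name; do
        case $mode in
            [-dlbcps][-r][-w]*)
                printf '%s %s\n' "$(other_access "$mode")" "$name" ;;
        esac
    done
}

# Names that users outside the owner and group cannot enter at all.
hidden_from_others() {
    audit_listing | while read -r access name; do
        case ",$access," in *,enter,*) ;; *) printf '%s\n' "$name" ;; esac
    done
}

# Four entries copied from the listing in the post, plus a constructed tmp line.
sample_listing() {
    cat <<'EOF'
total 104
drwxr-xr-x   2 root root  4096 2008-03-08 07:10 bin
drwxr-xr-x   4 root root  4096 2008-02-19 23:09 home
drwx------   2 root root 16384 2008-02-19 21:51 lost+found
dr-xr-xr-x 152 root root     0 2008-04-20 03:27 proc
drwxrwxrwt  10 root root  4096 2008-04-20 03:27 tmp
EOF
}

sample_listing | audit_listing
```

On the sample, only `lost+found` is closed to "other"; every other directory can be listed and entered, which matches the post's description.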

  3. #3
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8
    Thanks Rob.

    The first suggestion from someone was exactly what you told me. But, also like you've said, it's not a good solution.
    And, also like you've said: "The standard permissions on a system are usually adequate to protect it from adventurous users."
    You're right. They can't mess up my system, but they can see it. Maybe I'm too paranoid.

    Can someone tell me what "chroot" is used for? I thought that was the solution.

    And if I can't do the above, can I create a user that can only connect with ftp, and not with telnet/rlogin/ssh?

    Thanks again.
    Matija

  4. #4
    Just Joined! ironduke
    Join Date
    Sep 2006
    Location
    Brisbane Queensland Australia
    Posts
    89
    chroot changes the root directory for a particular command or shell session. I'm not sure why you would want to do that, but I'm only a novice.

  5. #5
    Just Joined!
    Join Date
    Nov 2007
    Posts
    8
    I thought if I put "chroot /home/user" in the "/home/user/.profile" file, when the user logs in, he will be "chroot-ed" to his home directory. Obviously, I was wrong.
