Q. How can I make sure that users can only access their own home directories?
A. You can use rbash, i.e. the restricted bash shell. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash, except that the following are disallowed or not performed:
- Changing directories with cd
- Setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
- Specifying command names containing /
- Specifying a file name containing a / as an argument to the . builtin command
- Specifying a filename containing a slash as an argument to the -p option to the hash builtin command
- Importing function definitions from the shell environment at startup
- Parsing the value of SHELLOPTS from the shell environment at startup
- Redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
- Using the exec builtin command to replace the shell with another command
- Adding or deleting builtin commands with the -f and -d options to the enable builtin command
- Using the enable builtin command to enable disabled shell builtins
- Specifying the -p option to the command builtin command
- Turning off restricted mode with set +r or set +o restricted.
These restrictions are enforced after any startup files are read. When a command that is found to be a shell script is executed, rbash turns off any restrictions in the shell spawned to execute the script.
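To confirm that the bash installed on a system enforces the restrictions listed above, the following added example (not part of the original answer) runs one probe per restriction in plain bash and again under `bash -r`, which starts the same restricted mode as rbash. The helper names `is_blocked` and `check_restrictions` are hypothetical.

```shell
#!/bin/sh
# Added example: verify that restricted mode refuses the operations listed above.
# `bash -r` is used so the check works even where no rbash link is installed.

# is_blocked CMD (hypothetical helper)
#   returns 0 if CMD works in plain bash but is refused under `bash -r`
#   returns 1 if CMD also runs in the restricted shell
#   returns 2 if CMD fails even in plain bash (result is inconclusive)
is_blocked() {
    # Control run: a failure under -r only means something if CMD works normally.
    bash -c "$1" </dev/null >/dev/null 2>&1 || return 2
    # Restricted run: success here means the restriction is not enforced.
    if bash -r -c "$1" </dev/null >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_restrictions (hypothetical helper): probe several restrictions,
# print PASS/FAIL for each, and return the number that were NOT blocked.
check_restrictions() {
    failures=0
    while IFS= read -r probe; do
        [ -n "$probe" ] || continue
        if is_blocked "$probe"; then
            printf 'PASS  blocked:     %s\n' "$probe"
        else
            printf 'FAIL  not blocked: %s\n' "$probe"
            failures=$((failures + 1))
        fi
    done <<'EOF'
cd /
PATH=/usr/bin
/bin/sh -c :
: > /dev/null
exec /bin/sh -c :
command -p true
set +r
EOF
    return "$failures"
}

check_restrictions || echo "some restrictions are not enforced" >&2
```

This checks the shell binary only; it does not inspect any account's startup files or the commands reachable through its PATH.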
Open the /etc/passwd file and set the user's shell to /bin/rbash:
# vi /etc/passwd
For example, here is a sample entry for user vivek:
Save and close the file.