[Nulled] » Operation systems OS » Linux » How to restrict server users' access to a specific directory in Linux
January 25 2023

How to restrict server users' access to a specific directory in Linux

How to restrict server users' access to a specific directory in Linux

Do I need to block the Linux server so that certain remote users can only access a certain directory and only download and upload files?

Let's look at how to do this.

When you have a server with SSH access, unless you have configured it otherwise, any user with an account on this system can log in and, if they have the rights and skills, wreak havoc on your server.

What you can do is restrict these users with a chroot jail.

By doing this, you significantly limit the capabilities of these users in your system.

In fact, any user restricted by chroot jail can:

Get access to the server only via sftp
get access only to a specific directory
What you will need
To make it work, you will need a running Linux instance and a user with sudo privileges.

That's all.

Let's do the magic of security.


How to create a restricted access group and add users on a Linux server
The first thing we need to do is create a new group and add users to it.

Create a group:

sudo groupadd restricted
Then add the user to the group using the command:

sudo usermod -g restricted USERNAME
Where USERNAME is the user you want to add to the restricted access group.

How to set up SSH
Open the SSH daemon configuration file with:

sudo nano /etc/ssh/sshd_config

Find the line (near the bottom):

Subsystem sftp  /usr/lib/openssh/sftp-server
Change this line to:

Subsystem sftp internal-sftp
At the bottom of the file, add the following:

Match group restricted
  ChrootDirectory /home/
  ForceCommand internal-sftp
  AllowTcpForwarding no
  X11Forwarding no
Save and close the file.

Restart SSH with:

sudo systemctl restart ssh
Now go back to the other machine and try to log in to the server via SSH with the user, for example:

ssh [email protected]
You will see a warning:

This service allows sftp connections only. Connection to 192.168.1.147 closed.
In order for any user from the restricted access group to log in to the server, they must use sftp as follows:

sftp USERNAME@SERVER
Where USERNAME is the user name, and SERVER is the IP address or domain of the server.

After successfully logging in, they will find themselves in an sftp prompt where they can transfer files back and forth using the put and get commands.

Limited users can only upload files to their home directories.

When a user with limited rights logs in, it is located in the /home directory.

Therefore, for a successful download, they will have to go to their home directory by running a command like:

cd olivia
Once in your home directory, you can run a command like:

put file1
As long as this file is in the current working directory of the machine from which they logged on to the server, it will load normally.

If these users only need to upload files to the local machine, they can use a command such as:

get file1
I understand that this is a very limited configuration with very limited use cases, but at some point in your Linux admin career you will encounter a situation where you will need to restrict users from logging into chroot jail.

This is one way to do it.





Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 25 January 2023 16:14
  • Publication category(s): Operation systems OS»,Linux
  • Number of views of the publication: 298
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
Experts warn of a

Experts warn of a critical vulnerability of the Linux kernel of 10 points on the CVSS scale, which affects SMB

Read more
20 January 2023
Social Engineering
💬 true story from Group

💬 true story from Group IB. Social Engineering. • Today I have prepared for you another and interesting story from

Read more
20 January 2023
NetWork
Types of Client-Server

Types of Client-Server architecture • Single-level In it, all application programs are distributed across

Read more
13 December 2022
Joomla components
EDocman v1.23.0

EDocman is the leading extension for file and file upload manager for Joomla. By creating the Joomla Access

Read more
27 December 2022
General questions 1c-bitrix
1c-bitrix how to install

1c-bitrix how to install on the server Installing CMS 1C Bitrix in LEMP (Linux, Nginx, MariaDB, PHP 7) for CentOS

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +9 Total articles 6751
  • +17 Comments 4235
  • +22 Users : 6069