4

I would like to create a user that only has access to one folder and nothing else whatsoever.

I have already created a user but he has access to other parts of the system according to corresponding file settings. I don't want him to have that, I want him only to have access to one folder and nothing else. Everything else should preferably be just invisible to him.

Is it possible to create such a user, and if so, how do I go about doing that?

P.S. Removing 'other' privileges of other users' home directories goes a bit of the way towards this end. But this limited user still has access to all the base directories like /etc and such. And he can still see other users' home directories, even though he can't access them.

john-jones
  • 1,736

2 Answers

4

Apparently, you can. I never tried it myself, but jailkit seems to fit the bill. It doesn't seem to have been pre-packaged for Debian, so your only option is to build from source if you're on Debian or any of its children.

Thanks to @terdon's comment, we know it's been packaged as RPM and as a source package for Arch.

@terdon's links:

From @slm's comment, a note on installing jailkit from source.

Update

Since you indicate in your comments that you're planning to give this user access via SSH, these additional articles may be of value to you:

Joseph R.
  • 39,549
  • 2
    What makes you think it has not been packaged? Granted, there seems to be no .deb but you can find RPMs of jailkit here, and an arch source package here. – terdon Aug 20 '13 at 13:13
  • 2
    Here's some info about jailkit from askubuntu: http://askubuntu.com/questions/92856/how-to-install-jailkit. There's a PPA available, ppa:jailkit/ppa. – slm Aug 20 '13 at 13:20
3

If rsync is your one and only use case, you may want to think about simply exposing an rsync server that the user can connect to directly.

A very detailed explanation for rsync + stunnel

This is how you would access that service

If you insist on SSH, you could just disable login by setting that user's shell to /bin/false, which would still allow you to use SSH as a tunnel through which you could make your rsync connection work, as described here.

Bananguin
  • 7,984
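
An added example, not part of the answer above or of the articles it links to: a minimal rsyncd.conf sketch for the rsync-server approach, confining one account to a single folder. The module name, folder path, account name and secrets file location are assumptions chosen for illustration.

```ini
# /etc/rsyncd.conf (constructed example; names and paths are placeholders)

# Listen on loopback only, so the daemon is reachable solely through the
# stunnel (or SSH tunnel) front end and never directly from the network.
address = 127.0.0.1
port = 873

# Defaults for all modules: after the chroot, transfers run as an
# unprivileged account. The group is "nogroup" on Debian-style systems
# and usually "nobody" elsewhere.
uid = nobody
gid = nogroup

[shared]
    # The one folder the client may see. With "use chroot = yes" the
    # daemon chroots here before the transfer starts, so /etc and other
    # users' home directories are not visible to the client at all.
    path = /srv/rsync/shared
    comment = Single folder exposed to the limited user
    use chroot = yes

    # Allow uploads as well as downloads; set to "yes" for download-only.
    read only = no

    # Do not advertise this module when a client asks for a module list.
    list = no

    # rsync-level account, defined only in the secrets file
    # (one "name:password" entry per line).
    auth users = limiteduser
    secrets file = /etc/rsyncd.secrets

    # Refuse to use a secrets file that other users can read.
    strict modes = yes

    # Second line of defence in case the listen address is ever changed.
    hosts allow = 127.0.0.1
```

The name in `auth users` is looked up only in the secrets file, so this setup needs no system login for that account. Files uploaded through the module end up owned by the `uid`/`gid` given above, so the folder must be writable by that account.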