# (shell) How to lock the user in his directory?



## enCyde (Aug 4, 2011)

I searched the forum but did not get a hit so I'm trying here.

I have added a user on my server to learn how stuff works. It seems that the user can go out from his directory and browse the files on the system, such as /home. How do I lock the user to only be in his directory when I create his account?

Thanks.


----------



## valsorym (Aug 4, 2011)

This subject interests me too.
enCyde, sorry, I cannot help.


----------



## enCyde (Aug 4, 2011)

Okay, thanks anyway. I only want to lock them into their home dir and make them unable to browse the system files.


----------



## jrm@ (Aug 5, 2011)

You need to change the permissions of the directories you don't want the user to go into. If you have /some/path/to/exclude, you can set its permissions with `# chmod 0700 /some/path/to/exclude`. You can also get more control by using groups. For more details see chmod() and the users section of the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/.

One other point: assuming you have home directories under /home, you can't prevent the user from entering /home, because he wouldn't be able to enter his own home directory, but you can prevent the new user from entering other users' directories with appropriate permissions.


----------



## fonz (Aug 5, 2011)

enCyde said:

> How do I lock the user to only be in his directory when I created his account.


FreeBSD has a powerful mechanism for that: jails. This section of the handbook should get you started but feel free to ask followup questions if you get stuck.

Fonz


----------



## rusty (Aug 5, 2011)

You could also look at ugidfw.
http://www.freebsd.org/doc/handbook/mac-bsdextended.html


----------



## olav (Aug 5, 2011)

It's called chroot.
You can set up the SSH service to jail the user inside his home folder.

In /etc/ssh/sshd_config:

```
Match user olav
   ChrootDirectory %h
```

The chrooted folder needs to be owned by root, so you need to create an additional folder for the user.
For example, /home/olav/olav:
home is owned by root; olav is owned by root and is the chrooted folder; finally, the last olav folder is owned by the olav user.


----------
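
The ownership requirement in olav's post is the rule from sshd_config(5): every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others. The following check for that rule is an added example, not part of the thread; the function name and its optional `OWNER_UID` and `STOP_AT` arguments are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): check a ChrootDirectory candidate
# against the rule in sshd_config(5): every component of the path must be a
# root-owned directory that is not writable by group or others.
# Only POSIX `ls -ldn` is used, so it behaves the same on FreeBSD and Linux.
#
# check_chroot_path DIR [OWNER_UID] [STOP_AT]
#   OWNER_UID and STOP_AT are assumptions of this example so it can be tried
#   on a scratch tree without root; the defaults (0 and /) match sshd.
check_chroot_path() {
    want_uid=${2:-0}
    stop_at=${3:-/}
    rc=0

    # Resolve symlinks first so every real component gets inspected.
    dir=$(cd -P -- "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL: $1 is not an accessible directory"
        return 2
    }

    while :; do
        # Fields of `ls -ldn`: mode, link count, numeric uid, ...
        read -r mode links uid rest <<EOF
$(ls -ldn -- "$dir")
EOF
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $dir is owned by uid $uid, expected $want_uid"
            rc=1
        fi
        case $mode in
            ?????w*|????????w*)   # group-write or other-write bit set
                echo "FAIL: $dir is writable by group or others ($mode)"
                rc=1 ;;
        esac
        if [ "$dir" = "$stop_at" ] || [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    [ "$rc" -eq 0 ] && echo "OK: $1 is acceptable as a ChrootDirectory"
    return "$rc"
}
```

On the server, run it as `check_chroot_path /home/olav` before enabling the `Match` block; a non-zero exit status means sshd would reject the directory at login.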



## enCyde (Aug 5, 2011)

Thank you, everyone.


----------



## jalla (Aug 5, 2011)

olav said:

> It's called chroot
> You can setup the SSH service to jail the user inside his home folder.



This is extremely limiting for a general user (or cumbersome to set up).

You need to create devices and copy any necessary apps and libraries into the chrooted environment.


----------

