Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
I would like to know whether there is any simple shell command to change the user home directory in Linux/Unix (one similar to chsh which changes the default login shell of an existing valid user) without touching the /etc/passwd file. Thanks
Ibrahim's comment on the other answer is the correct way to alter an existing user's home directory.
Change the user's home directory:
usermod -d /newhome/username username
usermod is the command to edit an existing user.
-d (abbreviation for --home) will change the user's home directory.
Change the user's home directory + Move the contents of the user's current directory:
usermod -m -d /newhome/username username
-m (abbreviation for --move-home) will move the content from the user's current directory to the new directory.
From Linux Change Default User Home Directory While Adding A New User:
Simply open this file using a text editor, type:
vi /etc/default/useradd
The default home directory defined by HOME variable, find line that
read as follows:
HOME=/home
Replace with:
HOME=/iscsi/user
Save and close the file. Now you can add user using regular useradd
command:
# useradd vivek
# passwd vivek
Verify user information:
# finger vivek
The accepted answer is faulty, since the contents from the initial user folder are not moved using it. I am going to add another answer to correct it:
sudo usermod -d /newhome/username -m username
You don't need to create the folder with username and this will also move your files from the initial user folder to /newhome/username folder.
In case other readers look for information on the adduser command.
Edit /etc/adduser.conf
Set DHOME variable
You can do it with:
/etc/passwd
Edit the user home directory and then move the required files and directories to it:
cp/mv -r /home/$user/.bash* /home/newdir
.bash_profile
.ssh/
Set the correct permission
chmod -R $user:$user /home/newdir/.bash*
Found out that this breaks some applications, the better way to do it is
In addition to symlink, on more recent distros and filesystems, as root you can also use bind-mount:
mkdir /home/username
mount --bind --verbose /extra-home/username /home/username
This is useful for allowing access "through" the /home directory to subdirs via daemons that are otherwise configured to avoid pathing through symlinks (apache, ftpd, etc.).
You have to remember (or init script) to bind upon restarts, of course.
An example init script in /etc/fstab is
/extra-home/username /home/username none defaults,bind 0 0
usermod -m -d /newhome username
Related
I was performing some experiments in Docker and found a strange behaviour.
I was able to override the ownership of a file created with the root
user inside the Docker with another user without root permissions.
Below are the steps to reproduce it:
$> docker run -dit ubuntu:16.04 bash
$> docker exec -it cont_id bash
$> apt update && apt install -y vim
$> useradd cp -m
$> vim /home/cp/hello.txt
# Write some text and save it
$> su cp
$> cd ~/ && ls -latr;
# Will list hello.txt with user and group as root
$> vim hello.txt
# Write some text and try saving it normally which will fail.
# Try saving it with `:wq!`
Voila, it is saved and the user and group to which the file belongs also change to the new user.
I have done a terminal recording for this and the same is posted here.
This is not related to docker, but just normal behavior in vim. As the file is under user directory /home/cp, hence cp user will have all permissions. What wq! command does is to delete the the old one and put new content into /home/cp/hello.txt.
You can quickly test it by creating one more file in the folder that cp has no full permission.
You were able to do it because you have all permission to directory /cp.
For doing it there are only two options:
If you're the owner of the file. Then vim changes permission to write(w)and rewrite the file. and after saving it, restores the old permissions of the file.
If you are not the owner of the file, but if you have write permissions in the current directory, Vim will delete the original file and write the document to a new file with the same name. The new file will then be assigned the same permissions as the original file, but will be owned by you.
These are only two conditions in which read-only file can be overridden.
We are using sudo users with limited commands to execute and assigned default home directory /home/sudouser but if that particular sudo user is running command cd \ its changing the directory to the main root directory /. This behaviour is totally insecure for us.
We need it such that if the sudo user is entering cd / or cd it changes directory to their home directory /home/sudouser
Please let us know how we can implement this?
Don't ever try to restrict a sudo user to only a directory or a command, a sudo user can by definition do what he wants.
In your case, having a script that assigns the home directory is I think a better idea. To solve the trouble of permissions look for the suid bit in permissions: http://www.linuxnix.com/suid-set-suid-linuxunix/
For example: create a sh file that has the following permissions: "-rwsr--r--" that is owned by root and as a group that can be accessed by the user whom you want to use the script.
Then in the file you create a simple script to execute the command to change default directory with let's say two parameters (username and directory)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I need to create a user which can only SFTP to specific directory and take a copy of some infomation. that is it. I keep looking online and they bring up information about chroot and modifying the the sshd_config.
So far I can just
add the user "useradd sftpexport"
create it without a home directory "-M"
set its login location "-d /u02/export/cdrs" (Where the information is stored)
not allow it to use ssh "-s /bin/false"
useradd sftpexport -M -d /u02/export/cdrs -s /bin/false
Can anyone suggest what am meant to edit so the user can only login and copy the file off?
I prefer to create a user group sftp and restrict users in that group to their home directory.
First, edit your /etc/ssh/sshd_config file and add this at the bottom.
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
This tells OpenSSH that all users in the sftp group are to be chrooted to their home directory (which %h represents in the ChrootDirectory command)
Add a new sftp group, add your user to the group, restrict him from ssh access and define his home directory.
groupadd sftp
usermod username -g sftp
usermod username -s /bin/false
usermod username -d /home/username
Restart ssh:
sudo service ssh restart
If you are still experiencing problems, check that the directory permissions are correct on the home directory. Adjust the 755 value appropriately for your setup.
sudo chmod 755 /home/username
EDIT: Based on the details of your question, it looks like you are just missing the sshd_config portion. In your case, substitute sftp with sftpexport. Also be sure that the file permissions are accessible on the /u02/export/cdrs directory.
An even better setup (and there are even better setups than what I am about to propose) is to symlink the /u02/export/cdrs directory to the user home directory.
You could need to add a restricted shell for this user can put some files there. You can use rssh tool for that.
usermod -s /usr/bin/rssh sftpexport
Enable allowed protocols in config /etc/rssh.conf.
I have the logins and passwords for two linux users (not root), for example user1 and user2.
How to copy files
from /home/user1/folder1 to /home/user2/folder2, using one single shell script (one single script launching, without manually switching of users).
I think I must use a sudo command but didn't found how exactly.
Just this:
cp -r /home/user1/folder1/ /home/user2/folder2
If you add -p (so cp -pr) it will preserve the attributes of the files (mode, ownership, timestamps).
-r is required to copy hidden files as well. See How to copy with cp to include hidden files and hidden directories and their contents? for further reference.
sudo cp -a /home/user1/folder1 /home/user2/folder2
sudo chown -R user2:user2 /home/user2/folder2
cp -a archive
chown -R act recursively
Copies the files and then gives permissions to user2 to be able to access them.
Copies all files including dot files, all sub-directories and does not require directory /home/user2/folder2 to exist prior to the command.
(shopt -s dotglob; cp -a /home/user1/folder1/* /home/user2/folder2/)
Will copy all files (including those starting with a dot) using the standard cp. The /folder2/ should exist, otherwise the results can be nasty.
Often using a packing tool like tar can be of help as well:
cd /home/user1/folder1
tar cf - . | (cd /home/user2/folder2; tar xf -)
I think you need to use this command
sudo -u username /path1/file1 /path2/file2
This command allows you to copy the contents as a particular user from any file path.
PS: The parent directory should be list-able at least in order to copy files from it.
Just to add to fedorqui 'SO stop harming' answer.
I had this same challenge when I tried to change the default admin user for a server from stage_user to prod_user on an Ubuntu 20.04 machine:
First, I created a prod_user using the command below:
sudo adduser prod_user
And then I added the newly created prod_user to the sudo group:
sudo adduser prod_user sudo
Next, I copied all the directories that I needed from the home directory of the stage_user to the prod_user:
sudo cp -r /home/stage_user/folder1/ /home/prod_user/
Next, I changed the ownership of the copied folders from stage_user to prod_user to avoid permission issues:
sudo chown prod_user:prod_user /home/prod_user/folder1
That's all.
I hope this helps
The question has to to do with permissions across users.
I believe by default home permission does allow all people to do listing and changing working directory into another's home:
eg. drwxr-xr-x
Hence in the previous answers people did not realise what you might have encountered.
With more restricted settings like what I had on my web host, nonowner users cannot do anything
eg. drwx------
Even if you use su/sudo and become the other user, you can still only be ONE USER at one time, so when you copy the file back, the same problem of no enough permission still apply.
So. . . use scp instead, treat the whole thing like a network environment let me put it that way and that's it. By the way this question had already been answered once over here (https://superuser.com/questions/353565/how-do-i-copy-a-file-folder-from-another-users-home-directory-in-linux), only cared to reply because this ranked 1st result from my search.
in Linux:
I want to limited user only can do sudo on specify path.
sudo chmod works on /home/Krome/revA
but sudo chmod failed on /home/Krome
Thanks!
Restricting a user or process to a certain path can be done with chroot - the problem here is that after the chroot the commands in $PATH and dynamically loaded objects would no longer be accessible, so you'd need a statically linked shell which executes the chroot as well as the built-in commands that the user shall be able to issue.
I don't think it possible, and am pretty sure it's not reasonable.
chmod would work inside /home/Krome if it's the user's home folder.
I think you need a regular user (without sudo), and everything else can be managed by adding that user to groups and sharing some folders to those groups.
Add to /etc/sudoers something like the following line:
%users ALL = NOPASSWD: /bin/chmod [ugoa][-+=][rwxXst] /home/Krome/*
It basically says that all group users members can invoke sudo chmod in symbolic mode on anything under /home/Krome/ path.
See man sudo for more details.