# Make a User who can't leave his home-dir

## sentinal

Hello,

I want to create a user who can't leave his homedir and search my server. He should be able to use editors like nano or start other things.

What must I do so that he can't go a level higher?

----------

## Xaanin

The first question that pops up is: Why would you give this user an account in the first place? If you don't feel you can trust him enough to give him an account that can browse the whole system I don't see the point.

Now, on to your question: a chroot jail would probably do what you want; though they can be broken out of, it's the only solution I can think of. `man chroot` and a Google search should give you something to start with.

----------

## lx

Check that your /root directory doesn't have world access (no rwx): `chmod o-rwx <dir / filename>`. This way only the user and group can access the directory.

So you could do this for your whole system; a chroot environment is probably easier.

Cya lX.

----------

## klieber

*lx wrote:*

> So you could do this for your whole system

OK, but if you do this on /usr/bin and /bin, you're going to be in for a nasty surprise when that user account can no longer log in to his shell...

--kurt

----------

## noldar

Maybe rsh (or krsh, bash -r) will do the trick. rsh = restricted shell, not to be confused with the remote shell.

Calling one of those shells restricted will disable the "cd" command, next to other stuff. That of course does mean that they also won't be able to cd into subdirectories of his/her homedir.

The user will only be able to start programs in his/her path (and is not able to change the PATH variable). Usually, $PATH would be something like /usr/rbin, where all those programs would be installed (linked?).

Otherwise, there is a chroot shell:

http://www.aarongifford.com/computers/chrsh.html

----------
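The restricted-shell setup described in the last post (a command directory such as /usr/rbin combined with `bash -r`), as an added example that is not part of the original thread. The function names, the deny-list and the temporary directory standing in for /usr/rbin are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: build an allow-list command directory for a restricted shell
# and probe which operations `bash -r` refuses. All paths are constructed.

# Link only the named commands into directory $1. Shells, interpreters and
# editors with shell escapes are refused, because any of them would hand the
# user an unrestricted shell again (hypothetical deny-list, extend as needed).
build_rbin() {
    local dir="$1" cmd target; shift
    mkdir -p "$dir" || return 1
    for cmd in "$@"; do
        case $cmd in
            sh|bash|dash|ksh|zsh|env|python*|perl|vi|vim)
                echo "refusing $cmd: would give an unrestricted shell" >&2
                continue ;;
        esac
        target=$(command -v "$cmd") || { echo "skip $cmd: not found" >&2; continue; }
        case $target in
            /*) ln -sf "$target" "$dir/$cmd" ;;       # real binary: link it
            *)  echo "skip $cmd: not a file on disk" >&2 ;;
        esac
    done
    return 0
}

# Run one command line under restricted bash with PATH limited to $1.
# Returns the exit status of the restricted shell (non-zero = refused/failed).
try_restricted() {
    local rbin="$1" line="$2"
    env -i HOME="$rbin" PATH="$rbin" "$(command -v bash)" \
        --noprofile --norc -r -c "$line" >/dev/null 2>&1
}

# Demo on a constructed temporary directory (stand-in for /usr/rbin).
demo_dir=$(mktemp -d)
build_rbin "$demo_dir/rbin" ls cat bash
for probe in 'ls /' 'cd /' 'PATH=/bin:/usr/bin' '/bin/ls'; do
    if try_restricted "$demo_dir/rbin" "$probe"; then verdict=allowed; else verdict=refused; fi
    printf '%-22s %s\n' "$probe" "$verdict"
done
rm -rf "$demo_dir"
```

An editor placed in this directory needs its own restricted mode (nano provides one as `rnano` or `nano -R`), since an editor that can open arbitrary files or run commands bypasses the shell's limits.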

