How would I go about locking a shell account I created to their home directory? Is this possible (I assume it is)?
Thanks in advance for any and all help.
What you want is a “restricted shell”. These are shells which can restrict you to a particular directory and/or restrict what programs you can execute, etc. I haven’t used one in a long time, but I think the one I did use was called resh. A Google search reveals one called rsh (not to be confused with the other rsh, the remote shell tool), and it looks like if you make a symlink to bash called “rbash” (or give bash the “--restricted” argument), it will start up in a restricted mode as well. Nifty.
Note that you should probably do some research for gotchas involved in relying on a restricted shell. It’s easy to overlook holes, and it’s hard to test for them. I was just experimenting with the restricted bash, and it was indeed restricted, but since bash itself was in my PATH variable, I was able to execute a non-restricted subshell. So obviously there’s one gotcha: set the PATH var conservatively.
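The PATH gotcha described above can be checked before an rbash account is handed out. This is an added example, not part of the original posts: a POSIX shell function that flags any shell reachable from a candidate PATH, generalizing from bash to other common shells and to symlinks that resolve to one. The function names, the shell-name list and the demo directory are assumptions for illustration, and `readlink -f` is assumed to be available.

```sh
#!/bin/sh
# Added example: audit the directories meant to be the PATH of an rbash account.
# The shell-name list is an assumption; extend it for your system.
is_shell_name() {
    case "$1" in
        sh|bash|dash|ash|zsh|ksh|mksh|csh|tcsh|fish) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_restricted_path "dir1:dir2:..."
# Prints one FINDING line per problem; exit status 1 if any, 0 if clean.
# Runs in a subshell "( ... )" so IFS and variable changes do not leak.
audit_restricted_path() (
    path_value=$1
    status=0
    # An empty element or "." makes the shell search the current directory.
    case ":$path_value:" in
        *::*|*:.:*) echo "FINDING: current directory is on PATH"; status=1 ;;
    esac
    # Split on ':' with globbing off, then restore default splitting.
    IFS=:; set -f; set -- $path_value; set +f; unset IFS
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            [ -f "$entry" ] && [ -x "$entry" ] || continue
            name=${entry##*/}
            target=$(readlink -f "$entry")   # follow symlinks to the real file
            if is_shell_name "$name"; then
                echo "FINDING: $entry is an unrestricted shell"; status=1
            elif [ "$name" != rbash ] && is_shell_name "${target##*/}"; then
                # a link named rbash starts bash in restricted mode, so it is allowed
                echo "FINDING: $entry resolves to shell $target"; status=1
            fi
        done
    done
    exit "$status"
)

# Demo on a constructed directory: a harmless-looking name linked to a shell.
demo=$(mktemp -d)
ln -s "$(command -v bash || echo /bin/sh)" "$demo/menu"
audit_restricted_path "$demo" || echo "not safe for a restricted account"
rm -rf "$demo"
```

A name-based check cannot spot a renamed copy of a shell binary, so the safest PATH is a dedicated directory containing only links to the few programs the account needs.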
I’m not exactly sure what the question is in the OP, but assuming a restricted shell is what you’re after, also check out the “--restricted” option for bash. If a restricted shell isn’t what is being sought, a little expansion, please…
Here’s the bash page for the --restricted features:
If the goal is to give the user an account but not allow a shell login at all, then you can change the shell program to a non-shell executable. For some OSes you then have to add that program to an /etc/shells file.
For example, there’s often a /bin/false program that does nothing. Add /bin/false to /etc/shells then change the user’s shell in the seventh field of /etc/passwd to /bin/false.
I like using /bin/date. The user logs in, gets the date & time and is then kicked unceremoniously back out.