Security

I have added a new group and user to the 4.25 QNX system and have mapped a
home directory for them. The problem I have is that they can still see the
parent directories above. I can set the permissions so they do have access
but is there any way that I can set it so they don’t see the parent
directories and therefore don’t know they exist?

Robert Stainsby <robert@sgcltd.co.uk> wrote:

I have added a new group and user to the 4.25 QNX system and have mapped a
home directory for them. The problem I have is that they can still see the
parent directories above. I can set the permissions so they do have access
but is there any way that I can set it so they don’t see the parent
directories and therefore don’t know they exist?

There is no easy way to do this – among other things, utilities like
editors, ls, etc live “above” his home directory.

If he couldn’t see above, he couldn’t run any of those either.

The not-so-easy way to do this is to start with a program
that calls qnx_prefix_setroot() in an undocumented manner, and
go from there…

e.g.

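#include <stdio.h>
#include <errno.h>
#include <unistd.h>     /* chdir() */
#include <sys/prfx.h>   /* qnx_prefix_getroot(), qnx_prefix_setroot() */
#include <process.h>    /* spawnl(), P_WAIT */

int main(void)
{
    int ret;

    /* Show the prefix root before the change. */
    printf("Prefix root is %s\n", qnx_prefix_getroot());

    chdir("/");
    /* Make this home directory (on node 61) the new prefix root. */
    ret = qnx_prefix_setroot("//61/home/dagibbs/");
    printf("ret is %d, errno %d\n", ret, errno);

    /* Show the prefix root after the change. */
    printf("Prefix root is %s\n", qnx_prefix_getroot());

    /* Start an interactive ksh and wait for it to exit. */
    spawnl(P_WAIT, "/ksh", "ksh", "-i", NULL);
    return 0;
}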

This will require a fair bit of experimentation to get right.

-David

QNX Training Services
http://www.qnx.com/support/training/
Please followup in this newsgroup if you have further questions.

Robert, I think you need to decide which directories should be visible for
those users and which are not, and why. You can’t make them all invisible,
since users need access to OS services (/bin, /usr/bin …). But you can grant
them read-only privileges for those directories (which is default
configuration, afaik).

Why do you want to prevent them from SEEING system directories? Usually
they contain well-known stuff anyway.

“Robert Stainsby” <robert@sgcltd.co.uk> wrote in message
news:b4s70i$gri$1@inn.qnx.com

I have added a new group and user to the 4.25 QNX system and have mapped a
home directory for them. The problem I have is that they can still see the
parent directories above. I can set the permissions so they do have access
but is there any way that I can set it so they don’t see the parent
directories and therefore don’t know they exist?