On Fri, 26 Oct 2001, Rishi L Khan wrote:

> Set the shell for the user in /etc/passwd to a script that chroots and
> then spawns a shell.

That is very difficult to do. Chroot can only be run by root.

> On Fri, 26 Oct 2001, Javier Fernández-Sanguino Peña wrote:
>
> > I have been asked for this and I was trying to figure out how to do it
> > (would document it later on in the Securing-Debian-Manual). So please,
> > excuse me if you feel this is off-topic.
> >
> > The problem is, how can an admin restrict remote access from a given user
> > (through telnet and/or sshd) in order to limit his "moves" inside the
> > operating system.
> >
> > Chrooting the daemon is a possibility, but it's not tailored on a per-user
> > basis but globally to all users (besides you need all the tools that users
> > might want to use in the jail). I'm looking more into a jailed environment
> > like proftpd's when you set "DefaultRoot ~" (jails the user into his home
> > directory but he's able to use all commands, without having to setup all
> > the libraries in it).
> >
> > AFAIK, pam only allows to limit some user accesses (cores, memory
> > limits..) not users "movement" in the OS

-- 
Goodbye,
Bart-Jan
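The objection in the reply above is that chroot(2) needs root, so a login-shell script running as the user cannot call it. As an added example (not code from this thread or from any Debian package), a setuid-root wrapper can perform the chroot and then permanently drop privileges before it spawns the shell. The name `jailsh`, the helper `jail_and_drop`, the use of the user's home directory as the jail, and the presence of `/bin/sh` inside that jail are all assumptions.

```c
#define _DEFAULT_SOURCE   /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: confine the process to `jail`, then permanently
 * become uid/gid. Returns 0 on success or an errno value on failure. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return EINVAL;                 /* a root shell can leave a chroot */
    if (chdir(jail) != 0)              /* enter first so no cwd is left outside */
        return errno;
    if (chroot(".") != 0)              /* EPERM unless the caller is root */
        return errno;
    if (chdir("/") != 0)
        return errno;
    /* Drop order matters: supplementary groups, then gid, then uid. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return errno;
    if (setuid(0) == 0)                /* privileges must not be recoverable */
        return EPERM;
    return 0;
}

int main(void)
{
    /* In a setuid-root binary, getuid() is still the user who logged in. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL) {
        fprintf(stderr, "jailsh: unknown user\n");
        return 1;
    }
    int err = jail_and_drop(pw->pw_dir, pw->pw_uid, pw->pw_gid);
    if (err != 0) {
        fprintf(stderr, "jailsh: %s\n", strerror(err));
        return 1;
    }
    /* Assumption: the jail holds its own /bin/sh and the libraries it needs. */
    execl("/bin/sh", "-sh", (char *)NULL);
    perror("jailsh: exec /bin/sh");
    return 1;
}
```

Run without root, the wrapper stops at `chroot()` with EPERM, which is the limitation the reply points out.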

