I recently posted a request on the OpenSSH discussion board about how I might lock a user into access of a limited number of directories when they connect using scp. The reply I got told me to use a patch of OpenSSH that implements a chroot jail if a key file exists in the home directory of the login used. This would work just fine; however, I also noticed that RedHat 8.0 has a shell-based command to allow entering a chroot jail from the command line. This leads to some old questions that I always had tingling in my mind about /etc/profile and when a user can break from a script.
Q1> If the first line of my /etc/profile traps and ignores all events (including all user-generated break/terminate events), is there still a way to break before the first line of /etc/profile as a user?

I imagine I can bypass the whole patching of OpenSSH and just add a conditional statement to the /etc/profile (after trapping and ignoring signals) that would send specific user IDs to their respective chroot jails, at which point I can rescind the event trap and let the users do their stuff in their respective jails. Anything wrong with this plan?

Again, thank you in advance for your help, this is priceless...

Leland T. Snyder