> 1. Is there a way to limit the user to the homedir structure? I'd like to 
> chroot the user into his homedir. Right now he can traverse the whole 
> filesystem :( Do I need to patch openssh with some kind of chroot patch? 
> Then I think I also need to use some kind of unix-tree in the user's 
> homedir... not beautiful. :(

Use 'jail'. It's a chrooted shell. Don't forget that the fish protocol
relies on a simple shell connection.

> 2. To not give out shell-access I've heared that you can give the user 
> "/bin/true" as his shell and then add "/bin/true" to /etc/shells . I've done 
> so now but I can't connect to the server :(
> 
> $ lftp -u myuser fish://serv
> Password:
> lftp te@serv:~> ls
> `ls' at 0 [Connecting...]
> `ls' at 0 [Delaying before reconnect: 22]
> 
> Any idea what's wrong?
> 
> serv# grep myuser /etc/passwd
> myuser:x:500:500::/ftp:/bin/true
> 
> serv# grep /bin/true /etc/shells
> /bin/true

As I said, lftp does a 'telnet' connection to the server, and uses
commands like 'ls' or 'cat' to retreive file lists and files. So if you
set the shell to /bin/true, lftp won't be able to log in...

Reply via email to