> 1. Is there a way to limit the user to the homedir structure? I'd like to > chroot the user into his homedir. Right now he can traverse the whole > filesystem :( Do I need to patch openssh with some kind of chroot patch? > Then I think I also need to use some kind of unix-tree in the user's > homedir... not beautiful. :(
Use 'jail'. It's a chrooted shell. Don't forget that the fish protocol relies on a simple shell connection. > 2. To not give out shell-access I've heared that you can give the user > "/bin/true" as his shell and then add "/bin/true" to /etc/shells . I've done > so now but I can't connect to the server :( > > $ lftp -u myuser fish://serv > Password: > lftp te@serv:~> ls > `ls' at 0 [Connecting...] > `ls' at 0 [Delaying before reconnect: 22] > > Any idea what's wrong? > > serv# grep myuser /etc/passwd > myuser:x:500:500::/ftp:/bin/true > > serv# grep /bin/true /etc/shells > /bin/true As I said, lftp does a 'telnet' connection to the server, and uses commands like 'ls' or 'cat' to retreive file lists and files. So if you set the shell to /bin/true, lftp won't be able to log in...
