On Thursday 31 July 2003 20:18, Ehud Karni wrote:
> On Thu, 31 Jul 2003 13:39:31 +0300 (IDT), Chaim Keren Tzion <[EMAIL PROTECTED]> wrote:
> > I am intending that sftp will be used for the file transfer. The problem
> > is that once I create the account that will use sftp it automatically has
> > the ability to log in with ssh and wander around the system. I would like
> > to limit the user's ability to travel outside of the home directory and to
> > execute commands. I have tried to define the user with /dev/false as its
> > shell but then I can't log in.
>
> I read the answers to this question and I think that they are in the
> wrong direction (changing the shell) or are too complicated (chroot
> the sshd - which needs a patch and compilation).

Another option is to use pam_chroot. No patching needed, and no tricky (and
unsafe) 'sudo/su' configuration needed.

pam_chroot comes with all major Linux flavors I know, and is relatively easy
to set up: after preparing your chroot jail directory, add this line

    session required /lib/security/pam_chroot.so onerr=fail

to your required pam.d file, and set up /etc/security/chroot.conf with as many
lines as you like with the format:

    <regular expression matching user name> <chroot jail root>

The major gripe is still how to set up a proper chroot jail directory - I had a
lot of trouble with that.
--
Oded
::..
Work like you don't need the money,
Love like you've never been hurt, and
Dance like no one is watching.
-- Mark Twain
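
Added example, not part of the original message and not pam_chroot's own code: a shell audit of the chroot.conf format described above, showing which jail each user name maps to and which names would log in un-jailed. The matching rules (unanchored, case-insensitive POSIX basic regex, first matching line wins, '#' comments) are assumptions to verify against your pam_chroot version; the user names and jail paths are constructed.

```shell
#!/bin/sh
# Added example: audit which jail a user name maps to in chroot.conf.
# Line format (from the message above):
#   <regular expression matching user name> <chroot jail root>
# ASSUMPTIONS, verify against your pam_chroot version: patterns are unanchored,
# case-insensitive POSIX basic regexes; the first matching line wins; lines
# starting with '#' are comments.

# jail_for USER CONF: print USER's jail root; return 1 if no line matches,
# i.e. the user would get a normal, un-chrooted session.
jail_for() {
    jf_user=$1
    while read -r jf_pat jf_jail jf_rest || [ -n "$jf_pat" ]; do
        case $jf_pat in ''|'#'*) continue ;; esac
        if printf '%s\n' "$jf_user" | grep -qi -e "$jf_pat"; then
            printf '%s\n' "$jf_jail"
            return 0
        fi
    done < "$2"
    return 1
}

# unanchored CONF: list patterns missing a leading ^ or trailing $; such a
# pattern also matches any longer user name that merely contains it.
unanchored() {
    while read -r un_pat un_rest || [ -n "$un_pat" ]; do
        case $un_pat in
            ''|'#'*) ;;
            '^'*'$') ;;
            *) printf '%s\n' "$un_pat" ;;
        esac
    done < "$1"
}

# Constructed sample configuration (user names and paths are made up).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# pattern        jail root
^sftp_.*$        /home/jail
bob              /srv/bobjail
EOF

for u in sftp_alice bob bobby alice; do
    printf '%-12s -> %s\n' "$u" "$(jail_for "$u" "$sample_conf" || echo 'NOT JAILED')"
done
printf 'unanchored pattern: %s\n' $(unanchored "$sample_conf")
```

Under these assumptions "bobby" lands in bob's jail because the pattern is not anchored, and "alice" matches nothing, so she would get an ordinary session.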