Re: Restricting access to home directory
Well... If there was an easy way to restrict users to their home directories using SCP or SCPONLY, I would love that instead. I don't really feel like installing an FTP server just so users can connect to my server when they are already used to using sftp-server. Is there anyway? -Matt On Sun, 24 Sep 2006, Marwan Sultan wrote: Hi Matt! If you are talking about givin FTP access only, then the easiest way to do it is just adding the user to the file /etc/ftpchroot and thats all!! if the file does not exist. then create it. add to /etc/ftpchroot all users that you want them to ftp but never see any upper level of shell. have fun, Marwan Sultan System Administrator. On Sun, 24 Sep 2006 15:09:23 -0400 (EDT) Matt Juszczak [EMAIL PROTECTED] wrote: I would like to give a user access to my box via some kind of FTP but restrict him to his home directory. I have seen scponlyc, which supposedly can do this, but can't seem to get it working. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] !DSPAM:4517000f901501537419863! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restricting access to home directory
Martin Hudec wrote: Hello Matt, DefaultRoot ~ [group] where ~ are their specified homedirs and group is optional (members of that group will be jailed to their homedirs, others will be able to browse everywhere, if group is not used, everybody using proftpd will be jailed). Martin pure-ftpd does this too. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restricting access to home directory
On 25 Sep Matt Juszczak wrote: If there was an easy way to restrict users to their home directories using SCP or SCPONLY, I would love that instead. Is there anyway? Short answer: NO and that's OK for a protocol based on ssh. Your users can pass the bounderies of their homedirectories if they're logged in too, can they not? And ssh is nothing more than kind of a remote login; a bit more secure than rlogin was (is) -- dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 6.1 +++ Solaris 10 6/06 ++ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Restricting access to home directory
Have a look to: http://www.pizzashack.org/rssh Regards, -- Thomas Gouverneur Junior UNIX Administrator TI Automotive -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Juszczak Sent: lundi 25 septembre 2006 8:28 To: Marwan Sultan Cc: freebsd-questions@freebsd.org Subject: Re: Restricting access to home directory Well... If there was an easy way to restrict users to their home directories using SCP or SCPONLY, I would love that instead. I don't really feel like installing an FTP server just so users can connect to my server when they are already used to using sftp-server. Is there anyway? -Matt On Sun, 24 Sep 2006, Marwan Sultan wrote: Hi Matt! If you are talking about givin FTP access only, then the easiest way to do it is just adding the user to the file /etc/ftpchroot and thats all!! if the file does not exist. then create it. add to /etc/ftpchroot all users that you want them to ftp but never see any upper level of shell. have fun, Marwan Sultan System Administrator. On Sun, 24 Sep 2006 15:09:23 -0400 (EDT) Matt Juszczak [EMAIL PROTECTED] wrote: I would like to give a user access to my box via some kind of FTP but restrict him to his home directory. I have seen scponlyc, which supposedly can do this, but can't seem to get it working. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] !DSPAM:4517000f901501537419863! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Restricting access to home directory
rssh supports chroots it seems, but no way to actually tie them to their home dir. -Matt On Mon, 25 Sep 2006, Gouverneur, Thomas wrote: Have a look to: http://www.pizzashack.org/rssh Regards, -- Thomas Gouverneur Junior UNIX Administrator TI Automotive -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Juszczak Sent: lundi 25 septembre 2006 8:28 To: Marwan Sultan Cc: freebsd-questions@freebsd.org Subject: Re: Restricting access to home directory Well... If there was an easy way to restrict users to their home directories using SCP or SCPONLY, I would love that instead. I don't really feel like installing an FTP server just so users can connect to my server when they are already used to using sftp-server. Is there anyway? -Matt On Sun, 24 Sep 2006, Marwan Sultan wrote: Hi Matt! If you are talking about givin FTP access only, then the easiest way to do it is just adding the user to the file /etc/ftpchroot and thats all!! if the file does not exist. then create it. add to /etc/ftpchroot all users that you want them to ftp but never see any upper level of shell. have fun, Marwan Sultan System Administrator. On Sun, 24 Sep 2006 15:09:23 -0400 (EDT) Matt Juszczak [EMAIL PROTECTED] wrote: I would like to give a user access to my box via some kind of FTP but restrict him to his home directory. I have seen scponlyc, which supposedly can do this, but can't seem to get it working. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] !DSPAM:4517c88b8285209328925! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Restricting access to home directory
Correct, but you can still use it into a chroot. Consider: http://www.sdri.co.jp/rssh/CHROOT_en.html Regards, -- Thomas Gouverneur Junior UNIX Administrator TI Automotive -Original Message- From: Matt Juszczak [mailto:[EMAIL PROTECTED] Sent: lundi 25 septembre 2006 15:35 To: Gouverneur, Thomas Cc: 'freebsd-questions@freebsd.org' Subject: RE: Restricting access to home directory rssh supports chroots it seems, but no way to actually tie them to their home dir. -Matt On Mon, 25 Sep 2006, Gouverneur, Thomas wrote: Have a look to: http://www.pizzashack.org/rssh Regards, -- Thomas Gouverneur Junior UNIX Administrator TI Automotive -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Juszczak Sent: lundi 25 septembre 2006 8:28 To: Marwan Sultan Cc: freebsd-questions@freebsd.org Subject: Re: Restricting access to home directory Well... If there was an easy way to restrict users to their home directories using SCP or SCPONLY, I would love that instead. I don't really feel like installing an FTP server just so users can connect to my server when they are already used to using sftp-server. Is there anyway? -Matt On Sun, 24 Sep 2006, Marwan Sultan wrote: Hi Matt! If you are talking about givin FTP access only, then the easiest way to do it is just adding the user to the file /etc/ftpchroot and thats all!! if the file does not exist. then create it. add to /etc/ftpchroot all users that you want them to ftp but never see any upper level of shell. have fun, Marwan Sultan System Administrator. On Sun, 24 Sep 2006 15:09:23 -0400 (EDT) Matt Juszczak [EMAIL PROTECTED] wrote: I would like to give a user access to my box via some kind of FTP but restrict him to his home directory. I have seen scponlyc, which supposedly can do this, but can't seem to get it working. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] !DSPAM:4517c88b8285209328925! The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restricting access to home directory
Hello Matt, Matt Juszczak wrote: Hi all, I would like to give a user access to my box via some kind of FTP but restrict him to his home directory. I have seen scponlyc, which supposedly can do this, but can't seem to get it working. I have also read up on protftpd + ssl, and configuring it to lock users into their home directories. What would all of you recommend as a viable secure solution to this? First of all, scp (scponly) is not a FTP service. Nevertheless both options are just fine. Proftpd is able to jail users inside their dirs. Settings required in proftpd.conf: DefaultRoot ~ [group] where ~ are their specified homedirs and group is optional (members of that group will be jailed to their homedirs, others will be able to browse everywhere, if group is not used, everybody using proftpd will be jailed). Martin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restricting access to home directory
On Sun, 24 Sep 2006 15:09:23 -0400 (EDT) Matt Juszczak [EMAIL PROTECTED] wrote: I would like to give a user access to my box via some kind of FTP but restrict him to his home directory. I have seen scponlyc, which supposedly can do this, but can't seem to get it working. and what do you mean can't seem to get it working ? with scponly you also have a chroot-option, if your user is the only scponly user, then the top-dir in the chroot-scponly setup could be his home-dir (disclaimer, i've successfully used scponly, but only read documentation about chroot-scponly, not used that yet) -- grtjs, albi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restricting access to home directory
Hi Matt! If you are talking about givin FTP access only, then the easiest way to do it is just adding the user to the file /etc/ftpchroot and thats all!! if the file does not exist. then create it. add to /etc/ftpchroot all users that you want them to ftp but never see any upper level of shell. have fun, Marwan Sultan System Administrator. On Sun, 24 Sep 2006 15:09:23 -0400 (EDT) Matt Juszczak [EMAIL PROTECTED] wrote: I would like to give a user access to my box via some kind of FTP but restrict him to his home directory. I have seen scponlyc, which supposedly can do this, but can't seem to get it working. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]