Re: restricting user's directory listing and changing
> Greetings. > > Basically, I have this group of users, that I give SSH/SFTP access, > but I > don't want them to be able to see the complete file hierarchy and ``cd'' > to > them. I just want a user to be able to access the user's home, and that's > it. > > I looked up some docs on the shell(tcsh) and sshd, but didn't find > anything > apppropriate. Has anyone wanted to do this before? I was thinking, or > maybe I > could redirect that group of users to use a different version of the > command > ``cd'' and ``ls'' so that it will only work within their home directories. > > > Thought of jail too, but jail only jails processes, and these guys > aren't > really running processes, just file access. > > Any ideas? Thanks in advance. > > __ > Jay Sern Liew Dear Jay, There seems to be some sort of patch available @ http://chrootssh.sourceforge.net which may fitt your needs. I haven't tried it myself yet but i hope it works. -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: restricting user's directory listing and changing
Stephane Lee <[EMAIL PROTECTED]> writes: > You may want to check the restricted bash. > http://www.gnu.org/manual/bash-2.05a/html_node/bashref_75.html Just be careful; restricted shells aren't really intended for security. They're more for situations where you want to avoid shooting yourself in the foot. For real security, you need something more like chroot(8) or jail(8). > On Fri, 31 Jan 2003, Jay Sern Liew wrote: > > > Greetings. > > > > Basically, I have this group of users, that I give SSH/SFTP access, but I > > don't want them to be able to see the complete file hierarchy and ``cd'' to > > them. I just want a user to be able to access the user's home, and that's it. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: restricting user's directory listing and changing
You may want to check the restricted bash. http://www.gnu.org/manual/bash-2.05a/html_node/bashref_75.html On Fri, 31 Jan 2003, Jay Sern Liew wrote: > Greetings. > > Basically, I have this group of users, that I give SSH/SFTP access, but I > don't want them to be able to see the complete file hierarchy and ``cd'' to > them. I just want a user to be able to access the user's home, and that's it. > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: restricting user's directory listing and changing
On Fri, Jan 31, 2003 at 02:19:09PM -0500, Bill Moran wrote: > Jay Sern Liew wrote: > >Greetings. > > > > Basically, I have this group of users, that I give SSH/SFTP access, > > but I > >don't want them to be able to see the complete file hierarchy and ``cd'' to > >them. I just want a user to be able to access the user's home, and that's > >it > > Look at the docs on the chroot command, this is what you want (I think) > I'm not 100% sure how to make sshd do a chroot when you log in, but I'd > be real surprised if it's terribly difficult to do. > > >Has anyone wanted to do this before? > > Absolutely, this is very common. > > >I was thinking, or maybe I > >could redirect that group of users to use a different version of the > >command > >``cd'' and ``ls'' so that it will only work within their home directories. > > You could, but that's probably a more difficult solution. > WIth "cd" it's effectively impossible to write a replacement for it. It's builtin into the shell, any program/script that does a cd cannot affect the current directory that is the parent of that script. -- Regards Cliff Sarginson The Netherlands [ This mail has been checked as virus-free ] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: restricting user's directory listing and changing
Jay Sern Liew wrote: Greetings. Basically, I have this group of users, that I give SSH/SFTP access, but I don't want them to be able to see the complete file hierarchy and ``cd'' to them. I just want a user to be able to access the user's home, and that's it Look at the docs on the chroot command, this is what you want (I think) I'm not 100% sure how to make sshd do a chroot when you log in, but I'd be real surprised if it's terribly difficult to do. Has anyone wanted to do this before? Absolutely, this is very common. I was thinking, or maybe I could redirect that group of users to use a different version of the command ``cd'' and ``ls'' so that it will only work within their home directories. You could, but that's probably a more difficult solution. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message