Re: Chrooting users the right way

2007-05-15 Thread Renaud Allard
[EMAIL PROTECTED] wrote:
> Hi
>
> I am setting up a new OpenBSD machine in which I want to chroot users. I don't
> want to use any of the patching solutions to OpenSSH but want to implement a
> real system chroot solution so any user, who is chrooted, is jailed even if he
> logs in manually.
>
> I have tried to find articles on this, but haven't been successful.
>
> Does anyone know of a good tutorial on how to do this on OpenBSD?
>
> Best and kind regards.
>
> Rico Secada.
 
 

Hi,

Take a look at sysjail (http://sysjail.bsd.lv/). It is more or less what
you want.



Re: Chrooting users the right way

2007-05-14 Thread jirib

[EMAIL PROTECTED] wrote:

> Hi
>
> I am setting up a new OpenBSD machine in which I want to chroot users. I don't
> want to use any of the patching solutions to OpenSSH but want to implement a
> real system chroot solution so any user, who is chrooted, is jailed even if he
> logs in manually.
>
> I have tried to find articles on this, but haven't been successful.
>
> Does anyone know of a good tutorial on how to do this on OpenBSD?
>
> Best and kind regards.
>
> Rico Secada.




Hi,
just try to use a combination of sshd_config directives (Match,
ForceCommand) and your own script wrapper for systrace...

Something like this:

sshd_config:
ForceCommand /path/to/systrace-wrapper

systrace-wrapper:
#!/bin/sh
# Run sftp-server under systrace; -a enforces the configured policy automatically
exec /bin/systrace -a /usr/libexec/sftp-server



Chrooting users the right way

2007-05-13 Thread coolzone
Hi

I am setting up a new OpenBSD machine in which I want to chroot users. I don't
want to use any of the patching solutions to OpenSSH but want to implement a
real system chroot solution so any user, who is chrooted, is jailed even if he
logs in manually.

I have tried to find articles on this, but haven't been successful.

Does anyone know of a good tutorial on how to do this on OpenBSD?

Best and kind regards.

Rico Secada.



Re: Chrooting users the right way

2007-05-13 Thread Rico Secada
On Mon, 14 May 2007 02:43:59 +0200
[EMAIL PROTECTED] wrote:

Follow-up: I found some posts on the archive about this being a very bad idea,
would someone mind explaining why?

On this particular system some users are trusted, but others are less
trusted. The system contains some different specific files, which only
the trusted users may look at. Is it a better way to simply create a group
and put trusted users into that group and make that group the group of the
files (chmod 750)? Also a few setups in etc are unwanted reading for less
trusted users, how should one deal with that then?

Forgive my ignorance on this issue!

> Hi
>
> I am setting up a new OpenBSD machine in which I want to chroot users. I don't
> want to use any of the patching solutions to OpenSSH but want to implement a
> real system chroot solution so any user, who is chrooted, is jailed even if he
> logs in manually.
>
> I have tried to find articles on this, but haven't been successful.
>
> Does anyone know of a good tutorial on how to do this on OpenBSD?
>
> Best and kind regards.
>
> Rico Secada.