Message-ID: <19981113221901.B663@emu.sourcee.com>
Date: Fri, 13 Nov 1998 22:19:01 -0500
From: "Norman C. Rice"
To: Greg Lehey , Jerry , questions@FreeBSD.ORG
Subject: Re: limit user to home dir
References: <19981113172541.B781@freebie.lemis.com>
In-Reply-To: <19981113172541.B781@freebie.lemis.com>; from Greg Lehey on Fri, Nov 13, 1998 at 05:25:41PM +1030

On Fri, Nov 13, 1998 at 05:25:41PM +1030, Greg Lehey wrote:
> On Thursday, 12 November 1998 at 19:27:35 -0500, Jerry wrote:
> > I'm sure there's a way but I can't find anything about it. Is there a way
> > to limit every user or users belonging to a group to their own home dir
> > when they ftp or telnet?
>
> ftp:    Put the user's ID in /etc/ftpchroot.
> telnet: The answer *should* be "give him a restricted shell", but we
>         don't appear to have one.

If you install the bash2 port, you can use it as a restricted shell
by starting it as `rbash'.

Create a symbolic link to bash named rbash.

    ln -s /usr/local/bin/bash /bin/rbash

Create a restricted script similar to the following.

    #!/bin/sh
    # path the user has access to
    PATH=/bin
    exec rbash

Use vipw to make the restricted script the user's login shell and add
the restricted script's name to /etc/shells.

I believe this will imprison the user to their home directory. See the
bash(1) man page for details.
-- 
Regards,
Norman C. Rice, Jr.

> It might work if you give him
> /usr/sbin/chroot /bin/sh as a shell in /etc/passwd, but
> I haven't tried it.
>
> man pages: ftpd(8), telnetd(8), chroot(8).
>
> Greg
> --
> See complete headers for address, home page and phone numbers
> finger grog@lemis.com for PGP public key
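
An added check for the setup described in the message above, not part of the original post: rbash's restrictions apply only to rbash itself, so an ordinary shell sitting in the directory the restricted script puts in PATH (the post uses PATH=/bin) is not bound by them. The function names, the short list of shell names and the sample directory are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Names below are illustrative.

# audit_restricted_path DIR SHELLS_FILE
#   DIR          directory the restricted login script puts in PATH
#   SHELLS_FILE  file in /etc/shells format (one shell path per line)
# Prints "name<TAB>reason" for every executable in DIR that is an ordinary
# shell. Returns 0 when DIR is clean, 1 when there are findings.
audit_restricted_path() {
    dir=$1; shells=$2; rc=0
    for f in "$dir"/*; do
        { [ -f "$f" ] && [ -x "$f" ]; } || continue
        name=${f##*/}
        [ "$name" = rbash ] && continue    # the intended restricted shell
        reason=
        case $name in
            sh|csh|tcsh|ksh|zsh|bash) reason="unrestricted shell" ;;
        esac
        # Compare against the basenames in SHELLS_FILE, comments stripped.
        # grep -F keeps names such as "[" from being read as a pattern.
        if [ -z "$reason" ] &&
           sed 's/#.*//; s|.*/||' "$shells" | grep -qxF -- "$name"; then
            reason="listed in $shells"
        fi
        if [ -n "$reason" ]; then
            printf '%s\t%s\n' "$name" "$reason"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample standing in for the PATH=/bin layout from the post.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/bin"
    for n in rbash ls cat sh csh mksh; do
        printf '#!/bin/sh\n' > "$root/bin/$n"
        chmod +x "$root/bin/$n"
    done
    printf '# constructed\n/bin/sh\n/bin/csh\n/bin/mksh\n' > "$root/shells"
    printf '%s\n' "$root"
}

sample=$(make_sample)
audit_restricted_path "$sample/bin" "$sample/shells" ||
    echo "restricted PATH exposes an unrestricted shell"
rm -rf "$sample"
```

A directory that passes this check holds only rbash and the specific commands the account needs, which in practice means a dedicated directory rather than /bin.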