Date: Thu, 15 Aug 2002 15:43:41 +0200
From: Philip Paeps
To: security@freebsd.org
Subject: Chroot environment for ssh
Message-ID: <20020815134341.GO1144@juno.paeps.cx>

Hi guys -

I'm in the process of setting up a form of fileserver, and I'd like for my users to be able to work only in their home directories, not anywhere else.

I would like to use SSH for the connections, as opposed to FTP, but I don't want users to be able to log into an interactive shell (only SCP/SFTP) and I don't want them to 'escape' out of their home directories.

Anyone have any ideas on how I'd go about doing this? I've been fiddling with chrsh (a 'chroot shell') but it's not really what I want.

(I was debating with myself whether to post this on -questions or -security, I hope I chose wisely in the end).

Thanks!

 - Philip

--
Philip Paeps
philip@paeps.cx
http://www.paeps.cx/
+32 486 114 720