Date: Thu, 29 Jan 2004 12:29:28 -0600 From: Michael Clark <MClark@Nemschoff.com> To: 'Gautam Gopalakrishnan' <ggop@madras.dyndns.org>, freebsd-questions@FreeBSD.ORG Subject: RE: locking a user into one directory Message-ID: <A2A28DB6D52E084783ACD6E6C6F5D790B43E79@EMAILSERVER2.nemschoff.com>
next in thread | raw e-mail | index | archive | help
Restricted shells are really fairly worthless security wise. You can do this with cudo and chroot, or with jail, or with sshd2 which is in ports. This can become tricky getting all the programs you want to function. http://www.tjw.org/chroot-login-HOWTO/ sshd2 would be the easy way to do this. It is in ports. Only problem is its not our beloved OpenSSH -----Original Message----- From: Gautam Gopalakrishnan [mailto:ggop@madras.dyndns.org] Sent: Wednesday, January 28, 2004 9:42 PM To: freebsd-questions@FreeBSD.ORG Subject: Re: locking a user into one directory On Wed, Jan 28, 2004 at 09:59:11PM -0500, Lowell Gilbert wrote: > Dragoncrest <dragoncrest@voyager.net> writes: > > > I've seen this explained before, but I've never taken much > > interest in it as I never had a need for it. Well, it's starting to > > look like I do. What I'm wanting to do is give shell access to a user > > to shell into the mail server, check their mail, and that's it. I > > don't want them to be able to wander outside of their home directory. > > I think it's called a jail, but I don't remember. Does anyone know > > what it is I need and have a tutorial for it or know where I can find > > one? Much appreciated. > > Um, you mean "man jail"? > Or maybe "man chroot"... Or you could use a restricted shell, maybe zsh or bash. http://www.faqs.org/docs/bashman/bashref_75.html Gautam _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" CONFIDENTIALITY NOTE: This electronic transmission, including all attachments, is directed in confidence solely to the person(s) to whom it is addressed, or an authorized recipient, and may not otherwise be distributed, copied or disclosed. The contents of the transmission may also be subject to intellectual property rights and all such rights are expressly claimed and are not waived. If you have received this transmission in error, please notify the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A2A28DB6D52E084783ACD6E6C6F5D790B43E79>