From owner-freebsd-questions Fri Jan 31 11:30:58 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E726237B401 for ; Fri, 31 Jan 2003 11:30:56 -0800 (PST) Received: from post-20.mail.nl.demon.net (post-20.mail.nl.demon.net [194.159.73.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A27B43E4A for ; Fri, 31 Jan 2003 11:30:54 -0800 (PST) (envelope-from cls@raggedclown.net) Received: from [212.238.197.102] (helo=mailhost.raggedclown.net) by post-20.mail.nl.demon.net with esmtp (Exim 3.36 #1) id 18egsG-000AZq-00 for freebsd-questions@freebsd.org; Fri, 31 Jan 2003 19:30:52 +0000 Received: from localhost (localhost [127.0.0.1]) by mailhost.raggedclown.net (Ragged Clown Mail Gateway [dawn]) with ESMTP id 738E91A17 for ; Fri, 31 Jan 2003 20:30:51 +0100 (CET) Received: from willow.raggedclown.net (willow.raggedclown.intra [192.168.1.10]) by mailhost.raggedclown.net (Ragged Clown Mail Gateway [dawn]) with ESMTP id 682BAF09 for ; Fri, 31 Jan 2003 20:30:40 +0100 (CET) Received: by willow.raggedclown.net (Ragged Clown Host [willow], from userid 1009) id 0C57322593; Fri, 31 Jan 2003 20:30:41 +0100 (CET) Date: Fri, 31 Jan 2003 20:30:41 +0100 From: Cliff Sarginson To: freebsd-questions@freebsd.org Subject: Re: restricting user's directory listing and changing Message-ID: <20030131193041.GB1019@raggedclown.net> References: <1044035168.3e3ab660cc8d5@horde-send.sendtech.net> <3E3ACC2D.5020506@potentialtech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3E3ACC2D.5020506@potentialtech.com> User-Agent: Mutt/1.5.3i X-Virus-Scanned: by AMaViS 0.3.12pre8 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jan 31, 2003 at 02:19:09PM -0500, Bill Moran wrote: > Jay Sern Liew wrote: > >Greetings. > > > > Basically, I have this group of users, that I give SSH/SFTP access, > > but I > >don't want them to be able to see the complete file hierarchy and ``cd'' to > >them. I just want a user to be able to access the user's home, and that's > >it > > Look at the docs on the chroot command, this is what you want (I think) > I'm not 100% sure how to make sshd do a chroot when you log in, but I'd > be real surprised if it's terribly difficult to do. > > >Has anyone wanted to do this before? > > Absolutely, this is very common. > > >I was thinking, or maybe I > >could redirect that group of users to use a different version of the > >command > >``cd'' and ``ls'' so that it will only work within their home directories. > > You could, but that's probably a more difficult solution. > WIth "cd" it's effectively impossible to write a replacement for it. It's builtin into the shell, any program/script that does a cd cannot affect the current directory that is the parent of that script. -- Regards Cliff Sarginson The Netherlands [ This mail has been checked as virus-free ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message