From owner-freebsd-security Fri Jan 3 14:45: 7 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB96437B401 for ; Fri, 3 Jan 2003 14:45:05 -0800 (PST) Received: from deevil.homeunix.org (adsl-34-239-158.bct.bellsouth.net [67.34.239.158]) by mx1.FreeBSD.org (Postfix) with SMTP id C286B43EC2 for ; Fri, 3 Jan 2003 14:45:04 -0800 (PST) (envelope-from deevil@deevil.homeunix.org) Received: (qmail 40818 invoked by uid 1001); 3 Jan 2003 22:46:55 -0000 Date: Fri, 3 Jan 2003 17:46:55 -0500 From: Ken Ebling To: freebsd-security@freebsd.org Subject: Re: Shell access in chroot? Message-ID: <20030103224655.GB40799@deevil.homeunix.org> References: <004f01c2b36d$612ecf20$4400060a@minimax> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <004f01c2b36d$612ecf20$4400060a@minimax> User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I've played with CHRSH (http://www.aarongifford.com/computers/chrsh.html) a bit and found it to be very useful for that purpose, but sometimes a pain to setup. Just pay attention to the directions and write a shell script to install it if you plan on having many users with chrooted shells. Ken On Fri, Jan 03, 2003 at 01:16:27PM -0800, Max Clark wrote: > Hi all, > > I would like to set up a box and provide limited shell access to users. > Is there a way I could chroot a user on a ssh/telnet session like ftp? > > If I were to give shell access to users, what kind of local security > hardening should I employ? Tips/Suggestions would be greatly > appreciated. > > Thanks in advance, > > Max To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message