Date: Fri, 13 Nov 1998 22:19:01 -0500
From: "Norman C. Rice" <nrice@emu.sourcee.com>
To: Greg Lehey <grog@lemis.com>, Jerry <jerryr@ComCAT.COM>, questions@FreeBSD.ORG
Subject: Re: limit user to home dir
Message-ID: <19981113221901.B663@emu.sourcee.com>
In-Reply-To: <19981113172541.B781@freebie.lemis.com>; from Greg Lehey on Fri, Nov 13, 1998 at 05:25:41PM +1030
References: <Pine.GSO.4.02A.9811121925280.26876-100000@uw> <19981113172541.B781@freebie.lemis.com>

On Fri, Nov 13, 1998 at 05:25:41PM +1030, Greg Lehey wrote:
> On Thursday, 12 November 1998 at 19:27:35 -0500, Jerry wrote:
> > I'm sure there's a way but I can't find anything about it. Is there a way
> > to limit every user or users belonging to a group to their own home dir
> > when they ftp or telnet?
>
> ftp:    Put the user's ID in /etc/ftpchroot.
> telnet: The answer *should* be "give him a restricted shell", but we
>         don't appear to have one.

If you install the bash2 port, you can use it as a restricted shell
by starting it as `rbash'.

Create a symbolic link to bash named rbash.

    ln -s /usr/local/bin/bash /bin/rbash

Create a restricted script similar to the following.

    #!/bin/sh
    # path the user has access to
    PATH=/bin
    exec rbash

Use vipw to make the restricted script the user's login shell and
add the restricted script's name to /etc/shells.

I believe this will imprison the user to their home directory. See
the bash(1) man page for details.
-- 
Regards,
Norman C. Rice, Jr.

>         It might work if you give him
>         /usr/sbin/chroot <dir> /bin/sh as a shell in /etc/passwd, but
>         I haven't tried it.
>
> man pages: ftpd(8), telnetd(8), chroot(8).
>
> Greg
> --
> See complete headers for address, home page and phone numbers
> finger grog@lemis.com for PGP public key

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981113221901.B663>
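
An audit for the restricted-login setup described in the message above, as an added example that is not part of the original post. rbash refuses command names containing `/` and changes to PATH, so the directory named in PATH is the whole command set of the restricted user, and an ordinary shell found there starts a session without the restrictions. The function names and the list of shell names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a restricted-login setup like the one in the message.
# Function names and the list of shell names are assumptions for illustration.

# Names treated as unrestricted shells when found in the restricted PATH.
UNRESTRICTED_SHELLS="sh csh tcsh bash ksh zsh"

# Succeeds if WRAPPER is listed in a shells(5)-format file
# (one path per line, '#' starts a comment).
shell_registered() {    # usage: shell_registered WRAPPER SHELLS_FILE
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$2" | grep -Fqx -- "$1"
}

# Prints, one per line, the executables in DIR whose name is an unrestricted
# shell. rbash will not run commands containing '/', so DIR's contents are
# the whole command set available to the restricted user.
unrestricted_shells_in() {    # usage: unrestricted_shells_in DIR
    for name in $UNRESTRICTED_SHELLS; do
        if [ -x "$1/$name" ] && [ ! -d "$1/$name" ]; then
            echo "$name"
        fi
    done
}

# Reports findings for one wrapper; returns 0 only when nothing is flagged.
audit_restricted_login() {    # usage: audit_restricted_login WRAPPER SHELLS_FILE DIR
    rc=0
    if ! shell_registered "$1" "$2"; then
        echo "WARN: $1 is not listed in $2"
        rc=1
    fi
    found=$(unrestricted_shells_in "$3")
    if [ -n "$found" ]; then
        # $found is left unquoted on purpose to print the names on one line
        echo "WARN: $3 contains unrestricted shells:" $found
        rc=1
    fi
    return $rc
}
```

Source the file and call `audit_restricted_login` with the wrapper script's path, the shells file (normally /etc/shells) and the directory the wrapper assigns to PATH.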