From owner-freebsd-security  Sat Jan  4  8:45:21 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0A1A137B406
	for <security@freebsd.org>; Sat,  4 Jan 2003 08:45:19 -0800 (PST)
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 81EF343EC2
	for <security@freebsd.org>; Sat,  4 Jan 2003 08:45:18 -0800 (PST)
	(envelope-from freebsd-security-local@be-well.no-ip.com)
Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com[24.147.188.198])
          by rwcrmhc53.attbi.com (rwcrmhc53) with ESMTP
          id <2003010416451705300sepn6e>; Sat, 4 Jan 2003 16:45:18 +0000
Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [24.147.188.198] (may be forged))
	by be-well.ilk.org (8.12.6/8.12.6) with ESMTP id h04GjHGZ001659;
	Sat, 4 Jan 2003 11:45:17 -0500 (EST)
	(envelope-from freebsd-security-local@be-well.no-ip.com)
Received: (from lowell@localhost)
	by be-well.ilk.org (8.12.6/8.12.6/Submit) id h04GjGW3001656;
	Sat, 4 Jan 2003 11:45:16 -0500 (EST)
X-Authentication-Warning: be-well.ilk.org: lowell set sender to freebsd-security-local@be-well.ilk.org using -f
To: "Max Clark" <max@clarksys.com>
Cc: <security@FreeBSD.ORG>
Subject: Re: Shell access in chroot?
References: <004f01c2b36d$612ecf20$4400060a@minimax>
From: Lowell Gilbert <freebsd-security-local@be-well.no-ip.com>
Date: 04 Jan 2003 11:45:16 -0500
In-Reply-To: <004f01c2b36d$612ecf20$4400060a@minimax>
Message-ID: <44smw8dftv.fsf@be-well.ilk.org>
Lines: 12
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

"Max Clark" <max@clarksys.com> writes:

> Hi all,
> 
> I would like to set up a box and provide limited shell access to users.
> Is there a way I could chroot a user on a ssh/telnet session like ftp?
> 
> If I were to give shell access to users, what kind of local security
> hardening should I employ? Tips/Suggestions would be greatly
> appreciated.

man jail(8) or for less strenuous uses, chroot(8)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message