Date: Tue, 30 May 2006 08:56:06 +0000 From: "Marwan Sultan" <dead_line@hotmail.com> To: gil@asol.com.ph Cc: freebsd@amadeus.demon.nl, questions@freebsd.org, dimitar.vassilev@gmail.com Subject: Re: User Access restriction. Message-ID: <BAY20-F581481997A7225DDC07E69A920@phx.gbl> In-Reply-To: <016a01c68389$0a99fd20$5ac8a8c0@loui>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello,
Yes, I understand that To lockup a user from navigating outside their home
directories through
ftp, I simply can add them to /etc/ftpchroot and when a user connects It
wont allow him
to go any level higher than his Home Directory.
No need for proftpd as additional port, because the base system will do it
throu /etc/ftpchroot
BUT!!
The user can connect through SSH and navigate,
Here where my information stops,
2 questions,
1) How do I have a list from few users to disallow them using SSH?
is there any where i add a user to disallow him from using SSH?
2) If I want to lock the user through his SSH session not FTP session whats
the way?
Is jail the only way? no easier way? chroot can do it? how if yes? or
whats the alternatives?
Thank you guys for following up with me.
Marwan
>
>to restrict users from navigating outside their home directories through
>FTP try using an FTP server that support chrooting. you might want to check
>proftpd. http://www.proftpd.org/
>it is also included in the ports collection.
>
>hope this helps :)
>
>
>=================================
>Gil A. Virtucio
>Janitor/Kolektor/Messenger/Driver
>Asia Solution Phillippines Inc.
>28/F Antel Global Corporate Center
>3 Doņa Julia Vargas Avenue,
>Ortigas Center, Pasig
>Office # : +63-2-687-0692 loc. 103
>Mobile # : +63-916-3989695
>http://www.gihl.eu.org/
>=================================
>----- Original Message ----- From: "Marwan Sultan" <dead_line@hotmail.com>
>To: <freebsd-questions@freebsd.org>
>Sent: Tuesday, May 30, 2006 5:15 AM
>Subject: User Access restriction.
>
>
>>Hello Everyone,
>>
>> I have a server Up and running, 4.8-R, (well why 4.8? its up since
>>years)
>> However, this server is for commercial use, recently, we started Home
>>pages hosting,
>> which requier me to give the user access to the shell,
>>
>> Well, the question,
>>
>> Lets say, I have 2 groups, Group1, Group2
>> under Groupe1 is the webpages shell accounts (user accounts)
>> and group2, just shell users,
>>
>> If user1 from Group1 will ftp or ssh to the box, his default home path
>>will be
>> /home/group1/user1
>>But, he still can navigate thro his FTP or ssh to see the directories and
>>read files of group1 or
>>group2, and play around lilbit,
>>
>>PLEASE how to restrict this user from going outside his shell account and
>>restrict him from
>>viewing others folders and webpages ? If i will chmod to something
>>limited, then even when
>>he browse the web to his webpage it wont work,
>>
>>So how to have the restriction in the same time viewing his web thro any
>>browser worldwide?
>>
>>Sorry for the long email.
>>
>>Thank you,
>>Marwan
>>
>>_________________________________________________________________
>>Express yourself instantly with MSN Messenger! Download today it's FREE!
>>http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>>
>>_______________________________________________
>>freebsd-questions@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>To unsubscribe, send any mail to
>>"freebsd-questions-unsubscribe@freebsd.org"
>>
>
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe@freebsd.org"
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY20-F581481997A7225DDC07E69A920>