Re: How to restrict ssh user to the home directory ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You always have the option of changing their login shell to '/bin/bash -s' which
locks them in.  Unfortunately, it also takes away their access to things like,
'ls' and 'cp' and 'vi', etc., unless you include copies in their home folder.

You also need to remember that some apps like 'vim' will allow a user a shell
escape which can break the limits you set.  Make sure to give them access only
to the secure version.  For 'vim' that would be 'rvim'.

Benny


J. Bakshi wrote:
> Dear list,
> 
> I am running a remote suse server and need to give ssh access to the users who can work on their particular web folder only. The version of ssh server is openssh-5.0p1-21.1 
> 
> I have already did huge google search but could not find any sshd features which can allow ssh users
> to restrict them in their home directory. I have found some documentations where chroot or jailkit is used to achieve this and
> these need some more configuration and obviously "chown root:root <home-folder>" . But I need an option which simply restrict ssh users so that they can't browse beyond their home directory. It is also not possible to do "chown root:root <home-folder>" as the folders which are used as home directory are actually web folder under apache htdocs having apache permission.  I don't need sftp but ssh access. Is it really impossible to have this feature through ssh technology ?
> 
> Thanks
> 

- --

Benny Helms
Unix SysAdmin
Montana Interactive, LLC
Office: 406-449-3468 Ext 230
Mobile: 406-431-5927
benny@xxxxxxxxxx
Registered Linux user #287649 at http://counter.li.org


CONFIDENTIALITY NOTICE:
This email and any attachments are confidential. If you are not the intended
recipient, you do not have permission to disclose, copy, distribute, or open any
attachments. If you have received this email in error, please notify us
immediately by returning it to the sender and delete this copy from your system.

Thank you.
MT.gov / Montana Interactive
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJJ71ICAAoJEI4JEV90z/PryDEP/jI7CXpy6wUKcfrIGtjPnqcE
7zFCBiUvgP9r5qbtV37JYxllb63V6WsjK557iIXY2s2AG/UJH+/1+B5WbDAz3Z3l
0eQ4XNFc9lYgtDIkuRZjfAbB4H0yIgtairyUe57jm1p+ER9LynoD2klobgj+SHjN
gHhXJmDTeEgCaDnGFe4DavL7WrYeyLEKxS0Dbqt58aXPD54OiGRbrZNKlsIDGnZp
QSI7phOT7yQ3laU8MF0S07d4f7qm+2GwBeZjTklycaGg5gVGripQtsLtjwEeqMU8
8vwq56TWVo7pWbnPgEXqfYtGtWfRaisZn/q0I0vheOj2gb7OSKwqRzerklXU9Mi4
/TQVvJy9YG6bZPJzOjMaWPEP+kM75Uq45AqqCRGpLh2sF/eP4jsFHjbHthLWzRY3
fEHqi0mVyTK1D+0++yopb9QGSmSsnoAn+SBFVwLJdhz7e3La3Yw9x9fvEptm/KvI
cQcBSmnrnKzKSSC6oVfXDAOMzoZQedP8STalcm+WepdyNitWOwiUvyh0s/cXDT2x
ohgYosZbRZuVs8PQ2b5Y94v9CvuzONodI4f3dz1cM0Jwd8bswKBUqZJkbwfdMqt3
YBrhH6CFoF0Kck4pVIr9TEpT1GMrngOLOF0wDuHOWEh//2UwWwYKy541Ilz2QE+s
i6kXJLKEENivE2eVwqkm
=9d/u
-----END PGP SIGNATURE-----

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux