Re: How to restrict ssh user to the home directory ?

On Wed, 22 Apr 2009 11:21:06 -0600
Benny Helms <benny@xxxxxxxxxx> wrote:

> You always have the option of changing their login shell to
> '/bin/bash -s' which locks them in.  Unfortunately, it also takes
> away their access to things like, 'ls' and 'cp' and 'vi', etc.,
> unless you include copies in their home folder.
> 
> You also need to remember that some apps like 'vim' will allow a user
> a shell escape which can break the limits you set.  Make sure to give
> them access only to the secure version.  For 'vim' that would be
> 'rvim'.

Thanks a lot for the rvim tip.
I am grateful to you for making me aware that vim allows shell access.



> 
> Benny
> 
> 
> J. Bakshi wrote:
> > Dear list,
> > 
> > I am running a remote suse server and need to give ssh access to
> > the users who can work on their particular web folder only. The
> > version of ssh server is openssh-5.0p1-21.1 
> > 
> > I have already done a huge Google search but could not find any sshd
> > features which allow restricting ssh users to their home
> > directory. I have found some documentation where chroot or jailkit
> > is used to achieve this and these need some more configuration and
> > obviously "chown root:root <home-folder>". But I need an option
> > which simply restricts ssh users so that they can't browse beyond
> > their home directory. It is also not possible to do "chown
> > root:root <home-folder>" as the folders which are used as home
> > directories are actually web folders under apache htdocs having apache
> > permission.  I don't need sftp but ssh access. Is it really
> > impossible to have this feature through ssh technology?
> > 
> > Thanks
> > 
> 
> --
> 
> Benny Helms
> Unix SysAdmin
> Montana Interactive, LLC
> Office: 406-449-3468 Ext 230
> Mobile: 406-431-5927
> benny@xxxxxxxxxx
> Registered Linux user #287649 at http://counter.li.org
> 
> 
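
The shell-escape point in the quoted message, as an added example that is not part of the original thread: a POSIX shell check over the directory of commands handed to a locked-down user, flagging programs that can start a shell. The function names and both program lists are constructed, non-exhaustive assumptions, and `readlink -f` assumes a GNU/Linux system.

```shell
#!/bin/sh
# Added example (not from the thread): audit the command directory that a
# restricted ssh user is allowed to run from.

# Assumption: constructed, non-exhaustive list of programs that let the user
# run commands or start a shell from inside them.
ESCAPE_CAPABLE="vi vim view ex ed less more man emacs"
# Restricted variants: vim and ed switch off shell commands when they are
# started under these names.
RESTRICTED_OK="rvim rview red"

# in_list WORD ITEM... : succeed if WORD equals one of the ITEMs.
in_list() {
    word=$1; shift
    for item in "$@"; do [ "$item" = "$word" ] && return 0; done
    return 1
}

# audit_bin_dir DIR : print "<name> -> <real program>" for each risky entry.
# Returns 0 if nothing was flagged, 1 otherwise.
audit_bin_dir() {
    dir=$1; flagged=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue          # empty dir or dangling symlink
        name=$(basename "$path")
        # Restricted mode is chosen from the invoked name, so a symlink
        # called rvim that points at vim is acceptable.
        if in_list "$name" $RESTRICTED_OK; then continue; fi
        # A harmless-looking name may still be a symlink to vim, less, ...
        target=$(basename "$(readlink -f "$path")")
        if in_list "$name" $ESCAPE_CAPABLE || in_list "$target" $ESCAPE_CAPABLE; then
            echo "$name -> $target"
            flagged=1
        fi
    done
    # Limitation: a renamed *copy* of an editor is not detected by name.
    return $flagged
}
```

Source the file and call `audit_bin_dir` on the user's command directory; a non-zero return means at least one entry should be removed or replaced with its restricted variant.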
