TCLUG Archive
RE: [TCLUG:16756] Restricted shell
- To: <tclug-list@mn-linux.org>
- Subject: RE: [TCLUG:16756] Restricted shell
- From: "Eric Hillman" <ehillman@cccu.com>
- Date: Wed, 26 Apr 2000 13:13:48 -0500
- Importance: Normal
- In-Reply-To: <200004261801.NAA14987@acm.cs.umn.edu>
> > Anyone using a restricted shell to control where users can go? If so,
> > what are you using? I know bash2 has a restrictive option which looks
> > pretty good. Anyone use it?
> >
> > We have some users that want to log into my web server via ssh, but I
> > want to restrict them to only their home directories.
> >
> >
>Have you tried making their home directory look like their root directory?
>This is what anon ftp does. /home/ftp (or whatever) looks to the anonymous
>user like /. The command to set it is chroot. man chroot should explain more.
>
The problem is that then the user is restricted to running only shell commands
or files that are in their home directory. I suppose you might be able to do
something tricky with symlinks and give them access to a hand-picked selection
of tools in ~/bin... But even then, without any restrictions on what shell
commands they can use, a user might accidentally be able to bring your server to
a halt...
I'd be interested in other people's thoughts on this kind of thing too -- I'm
starting to let a few people access my home server thru ssh, and I'd like to
keep them fenced in, without completely straitjacketing them.
--
Eric Hillman
UNIX Sysadmin/Webmaster
City & County Credit Union
ehillman@cccu.com
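
The chroot with a hand-picked set of tools discussed in this thread, as an added example that is not part of the original messages. Symlinks that point outside a chroot do not resolve once inside it, so the script copies each tool together with the shared libraries `ldd` reports for it; the function names and the jail path are hypothetical.

```sh
#!/bin/sh
# Added example: fill a chroot jail with a hand-picked set of tools.
# Function names and the jail path are hypothetical.

# Print the absolute paths of the shared objects a binary needs.
# Only run ldd on trusted system binaries. Static binaries print nothing.
jail_deps() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
}

# Copy one file into the jail under the same absolute path.
# cp -L follows symlinks so the jail gets a real file, not a dangling link.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# jail_add JAIL TOOL...: install each tool and the libraries it links to.
jail_add() {
    jail=$1
    shift
    for tool in "$@"; do
        path=$(command -v "$tool") || path=
        case $path in
            /*) ;;
            *) echo "not an executable on PATH: $tool" >&2; return 1 ;;
        esac
        jail_copy "$jail" "$path" || return 1
        for lib in $(jail_deps "$path"); do
            jail_copy "$jail" "$lib" || return 1
        done
    done
}

# Usage: sh mkjail.sh /srv/jail/alice sh ls cat
# Each tool lands at the same absolute path it has on the host; root can
# then enter the jail with chroot(8), naming the shell by that path.
if [ $# -ge 2 ]; then
    jail_add "$@"
fi
```

Anything not copied into the jail does not exist for the confined user, so the tool list doubles as the allow-list of commands.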