TCLUG Archive
RE: [TCLUG:16756] Restricted shell

> > Anyone using a restricted shell to control where users can go? If so,
> > what are you using? I know bash2 has a restrictive option which looks
> > pretty good. Anyone use it?
> >
> > We have some users that want to log into my web server via ssh, but I
> > want to restrict them to only their home directories.
> >
> >

>Have you tried making their home directory look like their root directory?
>This is what anon ftp does.  /home/ftp (or whatever) looks to the anonymous
>user like /.  The command to set it is chroot.  man chroot should explain more.

The problem is that then the user is restricted to running only shell commands
or files that are in their home directory.  I suppose you might be able to do
something tricky with symlinks and give them access to a hand-picked selection
of tools in ~/bin...  But even then, without any restrictions on what shell
commands they can use, a user might accidentally be able to bring your server to
a halt...

I'd be interested in other people's thoughts on this kind of thing too -- I'm
starting to let a few people access my home server thru ssh, and I'd like to
keep them fenced in, without completely straitjacketing them.

Eric Hillman
UNIX Sysadmin/Webmaster
City & County Credit Union
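
The two ideas raised in the thread (bash's restricted mode and a hand-picked set of tools symlinked into ~/bin) combine with per-user resource limits as sketched below. This is an added example, not part of the original post; the function names, tool list and limit values are assumptions, and it assumes the account's login shell is bash in restricted mode (invoked as rbash or with -r).

```shell
#!/bin/sh
# Added example (not from the original thread). Names and limits are assumptions.

# make_restricted_home HOME_DIR TOOL...
# Builds HOME_DIR/bin as the only command directory and writes a login
# profile that pins PATH to it and caps resource use.
make_restricted_home() {
    rhome=$1; shift
    mkdir -p "$rhome/bin" || return 1
    for tool in "$@"; do
        src=$(command -v "$tool" 2>/dev/null) || src=
        case $src in
            /*) ln -sf "$src" "$rhome/bin/$tool" ;;   # real binary: allow it
            *)  echo "skipping $tool: no binary found on PATH" >&2 ;;
        esac
    done
    # Restricted bash applies its restrictions only after the startup files
    # have been read, so the PATH set here cannot be changed by the user
    # afterwards, and command names containing "/" are refused.
    rm -f "$rhome/.bash_profile"
    cat > "$rhome/.bash_profile" <<'EOF'
PATH=$HOME/bin
export PATH
ulimit -u 30       # max processes for this user (limits fork bombs)
ulimit -t 300      # CPU seconds per process
ulimit -v 524288   # virtual memory per process, in KB
EOF
    chmod 444 "$rhome/.bash_profile"
    # In a real deployment the user must not own the profile or bin/,
    # otherwise an allowed tool could be used to rewrite them.
    if [ "$(id -u)" -eq 0 ]; then
        chown root "$rhome/bin" "$rhome/.bash_profile"
    fi
    return 0
}

# allowed_tools HOME_DIR: print the commands the user will be able to run.
allowed_tools() {
    ls "$1/bin"
}
```

The tool list is the real security boundary: anything that can start a shell or write arbitrary files (editors, pagers with shell escapes, interpreters) undoes the restriction. The limits address the "bring your server to a halt" concern independently of which shell is used.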