home | list info | list archive | date index | thread index

Re: [OCLUG-Tech] jailing users?

On Wed, Jan 18, 2006 at 03:57:24PM -0500, jbuburuz [ at ] sce [ dot ] carleton [ dot ] ca wrote:
> 
> I'm trying to find out if there is a way to jail users in the /home/$USER?

I believe you can do this easily with SSHv2 from ftp.ssh.com. This
version of ssh has the configuration options ChRootGroups, and
ChRootUsers. You will want to enable the internal sftp server. See man
sshd2_config.

You should also prevent port forwarding and similar options. See the
manpage. For added security you may be able to set the users' shell to
/bin/false. I do not use a chroot setup so you will need to test it
yourself.

SSHv2 is non-free, but the source code is open. You can use SSHv2
under a non comercial licence if you use it on Linux or one of the
BSDs. There may be a clause for accedemic use as well. See the
licence.

-- 
sg


references

message navigation