[TriLUG] does anyone know the correct procedures to
Jeremy Portzer
jeremyp at pobox.com
Mon Nov 4 16:58:23 EST 2002
On Mon, 2002-11-04 at 14:48, Matthew Todd wrote:
> On Sun, 3 Nov 2002, Ben Simpson wrote:
> > chroot an ftp and or ssh server so that user can't just cd to the real "/"
>
>
> Hi Ben,
>
> I sort of did this for an ssh (& thus, sftp) server a few months ago.
>
> These pages were helpful:
> http://mail.incredimail.com/howto/openssh/
> http://ulf.zeitform.de/sshchroot/
There's also a "restricted mode" to bash, sometimes called "rsh" (not to
be confused with remote shell). This is accomplished by adding the "-r"
flag when starting bash, or symlinking it to rbash. Take a look at the
RESTRICTED SHELL section in the bash(1) man page.
I'm not sure how useful rbash would be in your situation, but it's worth
a look. It might not allow you to change directories at all, which
would make it less useful with sftp, which IIRC relies on a number of
shell functions like cd.
--Jeremy
More information about the TriLUG
mailing list