[TriLUG] does anyone know the correct procedures to

Jeremy Portzer jeremyp at pobox.com
Mon Nov 4 16:58:23 EST 2002


On Mon, 2002-11-04 at 14:48, Matthew Todd wrote:
> On Sun, 3 Nov 2002, Ben Simpson wrote:
> > chroot an ftp and or ssh server so that user can't just cd to the real "/"
> 
> 
> Hi Ben,
> 
> I sort of did this for an ssh (& thus, sftp) server a few months ago.
> 
> These pages were helpful:
> http://mail.incredimail.com/howto/openssh/
> http://ulf.zeitform.de/sshchroot/

There's also a "restricted mode" to bash, sometimes called "rsh" (not to
be confused with remote shell).  This is accomplished by adding the "-r"
flag when starting bash, or symlinking it to rbash.  Take a look at the
RESTRICTED SHELL section in the bash(1) man page.

I'm not sure how useful rbash would be in your situation, but it's worth
a look.  It might not allow you to change directories at all, which
would make it less useful with sftp, which IIRC relies on a number of
shell functions like cd.

--Jeremy
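
Added example, not part of the message above or of the linked howtos: a short script that runs a few commands under `bash -r` to show which operations the RESTRICTED SHELL section of bash(1) refuses. The function names `probe` and `rbash_report` are made up for this illustration, and it assumes `bash` and `mktemp` are on the PATH.

```shell
#!/usr/bin/env bash
# Added example: probe what bash's restricted mode (-r, or invoked as rbash)
# refuses. Each probe runs in a fresh `bash -r` child process.

# probe CMD -> prints "blocked" if CMD fails under bash -r, else "allowed".
# (hypothetical helper name, used only in this example)
probe() {
    if bash -r -c "$1" >/dev/null 2>&1; then
        echo allowed
    else
        echo blocked
    fi
}

# rbash_report -> one line per probe, covering restrictions listed in
# the RESTRICTED SHELL section of bash(1).
rbash_report() {
    # constructed scratch directory, used only as a target for the redirect probe
    scratch=$(mktemp -d) || return 1
    printf '%-20s %s\n' 'cd /'          "$(probe 'cd /')"
    printf '%-20s %s\n' 'PATH=/tmp'     "$(probe 'PATH=/tmp')"
    printf '%-20s %s\n' '/bin/echo hi'  "$(probe '/bin/echo hi')"
    printf '%-20s %s\n' 'echo x > FILE' "$(probe "echo x > $scratch/out")"
    printf '%-20s %s\n' 'echo hi'       "$(probe 'echo hi')"
    rm -rf "$scratch"
}

rbash_report
```

A `blocked` result for `cd /` shows that restricted bash refuses `cd` outright, which is the behaviour to weigh before using rbash as the login shell for an account that also needs sftp.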



