[off-topic?] Chrooting ssh/telnet users?
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the Securing-Debian-Manual). So please,
excuse me if you feel this is off-topic.
The problem is, how can an admin restrict remote access from a given user
(through telnet and/or sshd) in order to limit his "moves" inside the
Chrooting the daemon is a possibility, but it's not tailored in a per-user
basis but globally to all users (besides you need all the tools that users
might want to use in the jail). I'm looking more into a jailed enviroment
like proftpd's when you sed "DefaultRoot ~" (jails the user into his home
directory but he's able to use all commands, without having to setup all
the libraries in it).
AFAIK, pam only allows to limit some user accesses (cores, memory
limits..) not users "movement" in the OS