Re: [off-topic?] Chrooting ssh/telnet users?
Recently I've worked on a small patch for openssh that chroots a user when
he logs in. It uses mysql for password auth. It is not posted anywhere, but
if you want it, send me a personal mail.
On Fri, 26 Oct 2001, Javier Fernández-Sanguino Peña wrote:
> I have been asked for this and I was trying to figure out how to do it
> (would document it later on in the Securing-Debian-Manual). So please,
> excuse me if you feel this is off-topic.
> The problem is, how can an admin restrict remote access from a given user
> (through telnet and/or sshd) in order to limit his "moves" inside the
> operating system.
> Chrooting the daemon is a possibility, but it's not tailored on a per-user
> basis but globally to all users (besides you need all the tools that users
> might want to use in the jail). I'm looking more into a jailed environment
> like proftpd's when you set "DefaultRoot ~" (jails the user into his home
> directory but he's able to use all commands, without having to setup all
> the libraries in it).
> AFAIK, pam only allows limiting some user accesses (cores, memory
> limits..), not users' "movement" in the OS.