Re: [off-topic?] Chrooting ssh/telnet users?

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: [off-topic?] Chrooting ssh/telnet users?
From: Bart-Jan Vrielink <bartjan@vrielink.net>
Date: Fri, 26 Oct 2001 16:57:59 +0200 (CEST)
Message-id: <Pine.LNX.4.33.0110261656340.964-100000@vrielink>
In-reply-to: <Pine.SOL.4.31.0110260951000.12013-100000@copland.udel.edu>

On Fri, 26 Oct 2001, Rishi L Khan wrote:

> Set the shell for the user in /etc/passwd to a script that chroots and
> then spawns a shell.

That is very difficult to do. Chroot can only be run by root.

> On Fri, 26 Oct 2001, Javier [iso-8859-1] Fernández-Sanguino Peña wrote:
>
> > I have been asked for this and I was trying to figure out how to do it
> > (would document it later on in the Securing-Debian-Manual). So please,
> > excuse me if you feel this is off-topic.
> >
> > The problem is, how can an admin restrict remote access from a given user
> > (through telnet and/or sshd) in order to limit his "moves" inside the
> > operating system.
> >
> > Chrooting the daemon is a possibility, but it's not tailored in a per-user
> > basis but globally to all users (besides you need all the tools that users
> > might want to use in the jail). I'm looking more into a jailed enviroment
> > like proftpd's when you sed "DefaultRoot ~" (jails the user into his home
> > directory but he's able to use all commands, without having to setup all
> > the libraries in it).
> >
> > AFAIK, pam only allows to limit some user accesses (cores, memory
> > limits..) not users "movement" in the OS

-- 
Tot ziens,

Bart-Jan

Reply to:

References:
- Re: [off-topic?] Chrooting ssh/telnet users?
  - From: Rishi L Khan <rishi@UDel.Edu>

Prev by Date: Re: [off-topic?] Chrooting ssh/telnet users?
Next by Date: Re: [off-topic?] Chrooting ssh/telnet users?
Previous by thread: Re: [off-topic?] Chrooting ssh/telnet users?
Next by thread: Re: [off-topic?] Chrooting ssh/telnet users?
Index(es):
- Date
- Thread