[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [off-topic?] Chrooting ssh/telnet users?

argh, this sounds like the sort of thing that would've been useful
when i set up rsync on our company backup machine (as opposed to writing
a small shell that chrooted and ran rsync).

it doesn't appear to be in debian unstable; apt-cache shows no third
party module for it, and it's most definitely not included in stock pam.
according to the rpm changelog, redhat added it on 10/02/00, somewhere
 before 0.73 was merged.  the readme in the modules/chroot directory
identifies the source as ftp://ferret.lmh.ox.ac.uk/users/weejock/pam_chroot/.

i would love to see it packaged; i put redhat's source tarball at

On Fri, Oct 26, 2001 at 05:25:28PM +0200, Christian Kurz wrote:
> On 26/10/01, Javier Fern?ndez-Sanguino Pe?a wrote:
> > The problem is, how can an admin restrict remote access from a given user
> > (through telnet and/or sshd) in order to limit his "moves" inside the
> > operating system.
> [...]
> > AFAIK, pam only allows to limit some user accesses (cores, memory
> > limits..) not users "movement" in the OS
> That's a wrong assumption. At least RedHat contains a pam_chroot.so
> module which can be used in connection with the latest ssh to limit a
> user into a chroot. I'm just wondering if that module is packaged
> already for debian or not.
> Christian
> -- 
>            Debian Developer (http://www.debian.org)
> 1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

"I think a lot of the basis of the open source movement comes from
  procrastinating students..."
	-- Andrew Tridgell <http://www.linux-mag.com/2001-07/tridgell_04.html>

Reply to: