Re: [off-topic?] Chrooting ssh/telnet users?
argh, this sounds like the sort of thing that would've been useful
when i set up rsync on our company backup machine (as opposed to writing
a small shell that chrooted and ran rsync).
it doesn't appear to be in debian unstable; apt-cache shows no third
party module for it, and it's most definitely not included in stock pam.
according to the rpm changelog, redhat added it on 10/02/00, somewhere
before 0.73 was merged. the readme in the modules/chroot directory
identifies the source as ftp://ferret.lmh.ox.ac.uk/users/weejock/pam_chroot/.
i would love to see it packaged; i put redhat's source tarball at
http://etc.mp3revolution.net/pam-redhat-0.74-22.tar.gz
On Fri, Oct 26, 2001 at 05:25:28PM +0200, Christian Kurz wrote:
>
> On 26/10/01, Javier Fern?ndez-Sanguino Pe?a wrote:
> > The problem is, how can an admin restrict remote access from a given user
> > (through telnet and/or sshd) in order to limit his "moves" inside the
> > operating system.
> [...]
> > AFAIK, pam only allows to limit some user accesses (cores, memory
> > limits..) not users "movement" in the OS
>
> That's a wrong assumption. At least RedHat contains a pam_chroot.so
> module which can be used in connection with the latest ssh to limit a
> user into a chroot. I'm just wondering if that module is packaged
> already for debian or not.
>
> Christian
> --
> Debian Developer (http://www.debian.org)
> 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
--
"I think a lot of the basis of the open source movement comes from
procrastinating students..."
-- Andrew Tridgell <http://www.linux-mag.com/2001-07/tridgell_04.html>
Reply to: