Re: [off-topic?] Chrooting ssh/telnet users?

To: dubeys@bxscience.edu
Cc: Javier Fernández-Sanguino Peña <jfs@computer.org>, debian-security@lists.debian.org
Subject: Re: [off-topic?] Chrooting ssh/telnet users?
From: Tim Haynes <debian@stirfried.vegetable.org.uk>
Date: 28 Oct 2001 13:56:53 +0000
Message-id: <86lmhvq34q.fsf@potato.vegetable.org.uk>
Reply-to: debian@stirfried.vegetable.org.uk
In-reply-to: <200110270243.f9R2h9h41156@voyager.bxscience.edu> (Sunny Dubey's message of "Fri, 26 Oct 2001 22:20:05 -0400")
References: <20011026151454.A10907@dat.etsit.upm.es> <200110270243.f9R2h9h41156@voyager.bxscience.edu>

Sunny Dubey <dubeys@bxscience.edu> writes:

> > The problem is, how can an admin restrict remote access from a given
> > user (through telnet and/or sshd) in order to limit his "moves" inside
> > the operating system.
> 
> no idea if this will help
> 
> but you could change their shells from bash to rbash (or bash -r)
> its pretty crappy however

rbash seems to go out of its way to make life hard for someone - no ability
to execute `cd' or `alias' at all, that sort of thing. It's not a lot of
use if you want a complete chroot()ed environment with ability to do
whatever they like within it; it's normally more useful to be able to
organize your files into directories which rbash doesn't exactly help with.

~Tim
-- 
The light of the world keeps shining,       |piglet@stirfried.vegetable.org.uk
Bright in the primal glow                   |http://spodzone.org.uk/

Reply to:

References:
- [off-topic?] Chrooting ssh/telnet users?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: [off-topic?] Chrooting ssh/telnet users?
  - From: Sunny Dubey <dubeys@bxscience.edu>

Prev by Date: Re: [off-topic?] Chrooting ssh/telnet users?
Next by Date: Re: [off-topic?] Chrooting ssh/telnet users?
Previous by thread: Re: [off-topic?] Chrooting ssh/telnet users?
Next by thread: RE: [off-topic?] Chrooting ssh/telnet users?
Index(es):
- Date
- Thread