Re: adding secure accounts for remote users?

To: debian-user@lists.debian.org
Subject: Re: adding secure accounts for remote users?
From: Eric Gerlach <egerlach@feds.uwaterloo.ca>
Date: Sat, 14 Feb 2009 17:18:44 -0500
Message-id: <[🔎] 20090214221843.GO1824@wks0003>
In-reply-to: <[🔎] ecfa260c0902141210v17314548x53c9807f27e239ee@mail.gmail.com>
References: <[🔎] ecfa260c0902141210v17314548x53c9807f27e239ee@mail.gmail.com>

On Sat, Feb 14, 2009 at 03:10:07PM -0500, Zach Uram wrote:
> I want to give some friends accounts on my server so that they can
> 
> 1) ssh in to the sever
> 2) have web space on the apache2 webserver such as $HOME/public_html
> so they would be http://www.server.org/~user
> 
> How exactly can I setup these 2 things?
> 
> Also how can I restrict the users to *only* their $HOME directory so
> they cannot cd or ls any other directories or files on my filesystem?
> 
> Running Debian lenny.

If all you're looking to do is give them the ability to SFTP, you can do the
following:

http://www.debian-administration.org/articles/590

However, if they need a shell prompt, that's a lot harder.  You'll have to
create a chroot jail (and note that they aren't perfect).  Google for "chroot
ssh" to get more information.  Spend a *lot* of time reading up, because it's
not trivial.  Also you'll have to put a copy of every command you want your
users to be able to run in the jail.

Overall, if you can convince your users to live with SFTP only, do that.  It's
what we've done in one case, and nobody really cares most of the time.

Cheers,

-- 
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerlach@feds.uwaterloo.ca

Reply to:

References:
- adding secure accounts for remote users?
  - From: Zach Uram <netrek@gmail.com>

Prev by Date: Re: email accounts for exim4
Next by Date: Re: [OT] Friday the 13th
Previous by thread: Re: adding secure accounts for remote users?
Next by thread: Re: adding secure accounts for remote users?
Index(es):
- Date
- Thread