Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Magnus on October 31, 2003, 07:30:28 PM

Title: Loch user in home directory
Post by: Magnus on October 31, 2003, 07:30:28 PM

Is there a way to lock the user in hes home directory.
Got few that got ssh access and i want them locked in there acconts.
No access to the rest of the server.

Thanx

Title: Re: Loch user in home directory
Post by: Beaker on November 01, 2003, 06:53:10 AM

yeah I am also interested in this

Title: Re: Loch user in home directory
Post by: Craig on November 02, 2003, 12:03:05 AM

This is not possible as far as I know.

The whole idea of telnet was that you could control the remote computer as if you were sat in font of it.  When your sat in front of the computer you can generally 'wander' all over the system and have look around, permissions allowing.

Ssh works for most people the same as telnet but any data transmitted is encrypted.

On most unix systems that I know you can look at quite a few config files (such as those in /etc) but you can't edit them.

A normal user needs to be able to read and see quite a lot of files to actually be able to run, trying to keep them in their home directory will actuallt stop them doing any work.

----
P.S. These are my own comments and while I think they are accurate they may not be.  Any one care to comment?

Title: Re: Loch user in home directory
Post by: lt on November 02, 2003, 12:19:21 AM

in interested more from an ftp point of view lock users in thier home directory

Title: Re: Loch user in home directory
Post by: Michiel on November 02, 2003, 12:25:41 AM

If I understand you correctly, you want to chroot ssh access for your users. Google the internet for "chroot ssh" and you'll find several how-tos.

Title: Re: Loch user in home directory
Post by: Michiel on November 02, 2003, 12:27:52 AM

lt wrote:
>
> in interested more from an ftp point of view lock users in
> thier home directory

Fot that there is a contrib. Search contribs.org for "ftp".

Title: Re: Loch user in home directory
Post by: Craig on November 02, 2003, 02:15:50 AM

It turns out that I was correct, yet wrong!

In the standard version of openssh you can't lock users to their home directory.  But there is a project (http://chrootssh.sourceforge.net/) which has a patch to openssh, this does allow you to lock users.


I live and learn!

Title: Re: Loch user in home directory
Post by: vj on November 02, 2003, 02:13:33 PM

hmm..sounds very interesting, Craig
do you know if anyone has tried it on the sme?

vj

Title: Re: Loch user in home directory
Post by: Craig on November 02, 2003, 02:31:34 PM

vj,
Don't know, I've not heard any think which is why I game my inital impressions.

Craig

Title: Re: Loch user in home directory
Post by: Nathan Fowler on November 04, 2003, 12:54:22 AM

While this may not be what you are actively looking for, this may still be useful:

http://www.sublimation.org/scponly/

Title: Re: Loch user in home directory
Post by: Trevor on December 03, 2003, 07:01:43 AM

Anyone know how to install the http://chrootssh.sourceforge.net/ patch successfully on SME 6.0b3?

Assuming the use of
http://chrootssh.sourceforge.net/download/openssh-3.7p1-chroot.tar.gz

If you has done this or know how, please share! Thanks!

Title: Re: Loch user in home directory
Post by: Trevor on December 12, 2003, 05:41:21 PM

Anybody???