Old 08-22-2010, 09:27 AM
Alex Schuster
 
creating ssh account without directory browsing

Tamer Higazi writes:

> For a project I need to create ssh accounts (based on shared keys) who
> would be logged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.

If you need this only for things like scp, net-misc/scponly might do what
you want.
http://sublimation.org/scponly/wiki/index.php/Main_Page

Wonko
 
Old 08-22-2010, 12:31 PM
Giampiero Gabbiani
 

On Sunday 22 August 2010 10:36:36, Tamer Higazi wrote:
> Hi people!
> For a project I need to create ssh accounts (based on shared keys) who
> would be logged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.
>
>
> for example:
>
> /work/
>
> but not / or any other scope.
>
> How would you guys accomplish that?!
Hi Tamer,
simply set the default shell of the desired account to: /bin/bash -r.
In this mode the bash will start in restricted mode. You can get further
information about that in the man page of bash (section: RESTRICTED SHELL).

Bye
Giampiero
 
Old 08-22-2010, 02:49 PM
Mick
 

On Sunday 22 August 2010 13:31:20 Giampiero Gabbiani wrote:
> On Sunday 22 August 2010 10:36:36, Tamer Higazi wrote:
> > Hi people!
> >
> > For a project I need to create ssh accounts (based on shared keys) who
> > would be logged in a specific directory. They should only be able to
> > login in the desired directory, but not be able for outside browsing.
> >
> >
> > for example:
> >
> > /work/
> >
> > but not / or any other scope.
> >
> > How would you guys accomplish that?!
>
> Hi Tamer,
> simply set the default shell of the desired account to: /bin/bash -r.
> In this mode the bash will start in restricted mode. You can get further
> information about that in the man page of bash (section: RESTRICTED SHELL).

If you find that rbash is too restrictive, you can also restrict the access
rights of said users, so that they can only read/write their /home and the
/work directories. Use some sensible umasks to achieve this. SUID and SGID
files & binaries may be more difficult to restrict though.
--
Regards,
Mick
 
Old 08-22-2010, 04:27 PM
Alan McKinnon
 

Apparently, though unproven, at 10:36 on Sunday 22 August 2010, Tamer Higazi
did opine thusly:

> Hi people!
> For a project I need to create ssh accounts (based on shared keys) who
> would be logged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.
>
>
> for example:
>
> /work/
>
> but not / or any other scope.
>
> How would you guys accomplish that?!


Make that user's shell rbash.

In rbash the user cannot cd. There's a bunch of other stuff they also cannot
do. Check man bash near the end to make sure it satisfies your needs.

--
alan dot mckinnon at gmail dot com
 
Old 08-22-2010, 06:40 PM
Kalkin Sam
 

Hi,

Young padawan Tamer Higazi <th982a@googlemail.com> spoke:
> Hi people!
> For a project I need to create ssh accounts (based on shared keys) who
> would be logged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.

I think you mean chroot. OpenSSH supports this, have a look at it.

kalkin-

--
Being paranoid means being free
(Hal Faber)
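
For the chroot route mentioned in the last reply, sshd only accepts a ChrootDirectory whose path components all meet an ownership rule, and the check below verifies that before a login is attempted. This is an added example, not part of the thread; the user name `workuser` and the optional second and third arguments of the function are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. sshd_config(5) states that every
# component of a ChrootDirectory path must be a root-owned directory that is
# not writable by group or others; otherwise sshd refuses the session.
# A matching server block could look like this ("workuser" is a made-up name):
#
#   Match User workuser
#       ChrootDirectory /work
#       AllowTcpForwarding no
#       X11Forwarding no
#
# For an interactive shell the chroot must also contain the shell itself and
# the files it needs (see ChrootDirectory in sshd_config(5)).
#
# Usage: check_chroot_path DIR [OWNER_UID] [STOP_AT]
#   OWNER_UID defaults to 0 (root) and STOP_AT to "/", which is what sshd
#   requires. Both optional arguments are assumptions of this example so the
#   check can be tried on a scratch tree without root.
# Requires GNU stat (coreutils).
check_chroot_path() (
    p=$1
    want_uid=${2:-0}
    stop=${3:-/}
    rc=0
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; exit 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory" >&2; rc=1
        else
            uid=$(stat -c %u "$p")
            mode=$(stat -c %a "$p")
            if [ "$uid" != "$want_uid" ]; then
                echo "FAIL $p: owned by uid $uid, expected $want_uid" >&2; rc=1
            fi
            # 022 = write bits for group and others (octal)
            if [ $(( 0$mode & 022 )) -ne 0 ]; then
                echo "FAIL $p: mode $mode is group/other writable" >&2; rc=1
            fi
        fi
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    exit $rc
)
```

On the real server, `check_chroot_path /work` with no further arguments applies the root-owned, walk-to-`/` rule; a writable area for the user then has to be a subdirectory inside the chroot, not the chroot directory itself.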
 
