creating ssh account without directory browsing
On Sunday 22 August 2010 13:31:20 Giampiero Gabbiani wrote:
> In data domenica 22 agosto 2010 10:36:36, Tamer Higazi ha scritto:
> : > Hi people!
> > For a project I need to create ssh accounts (based on shared keys) who
> > would be loged in a specific directory. They should only be able to
> > login in the desired directory, but not be able for outside browsing.
> > for example:
> > /work/
> > but not / or any other scope.
> > How would you guys accomplish that?!
> Hi Tamer,
> simply set the default shell of the desired account to: /bin/bash -r.
> In this mode the bash will start in restricted mode. You can get further
> information about that in the man page of bash (section: RESTRICTED SHELL).
If you find that rbash is too restrictive, you can also restrict the access
rights of said users, so that they can only read/write their /home and the
/work directories. Use some sensible umasks to achieve this. SUID and SGID
files & binaries may be more difficult to restrict though.