Date: Tue, 6 Nov 2001 08:20:08 -0700 From: "Jeremy Buckner" <jeremy@cableaz.com> To: "Sven Huster" <sven.huster@mailsurf.com> Cc: <isp@FreeBSD.ORG> Subject: Re: restrict shell access Message-ID: <002201c166d6$854f8460$0c0aa8c0@caz> References: <00f701c166b5$c6546d20$fe00fa0a@venus>
next in thread | previous in thread | raw e-mail | index | archive | help
I have a similar setup here where I'm at but I only allow users to access my www server via ftp. Unless your users need to issue commands to the box, I think this is the safest. Anyway, I created a file called ftpchroot in /etc. I have assigned all these users to the "users" group. So in my file I add the following: @users Also because I don't let them invoke anything on the server itself, I set their shell to pine so if they do try to ssh, they only get to check mail that doesn't exist. That's it, and they can only go to their own dirs. Hope this helps some. Jeremy Buckner ----- Original Message ----- From: "Sven Huster" <sven.huster@mailsurf.com> To: <freebsd-isp@FreeBSD.ORG> Sent: Tuesday, November 06, 2001 4:25 AM Subject: restrict shell access > Hi, > > I want users to be able to login my www server > using telnet or ssh (preferred), but need to restrict > them to their home or some other dir + subdir, > sounds like chroot ;-) > > what you think will be the best solution for that? > has someone a setup like this running? > > I thought about jail but I can't/won't do this for 100+ logins. > > thanks > best regards > > Sven Huster > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002201c166d6$854f8460$0c0aa8c0>