From owner-freebsd-questions  Tue Nov 13 15:45: 4 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by hub.freebsd.org (Postfix) with ESMTP id 79C6237B418
	for <freebsd-questions@freebsd.org>; Tue, 13 Nov 2001 15:45:02 -0800 (PST)
Received: from dialup-209.244.104.77.dial1.sanjose1.level3.net ([209.244.104.77] helo=blossom.cjclark.org)
	by albatross.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 163nEj-0003VE-00; Tue, 13 Nov 2001 15:45:02 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fADNiVp63171;
	Tue, 13 Nov 2001 15:44:31 -0800 (PST)
	(envelope-from cjc)
Date: Tue, 13 Nov 2001 15:44:31 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: mike <mike@coloradosurf.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: chrooting home dirs
Message-ID: <20011113154431.D61915@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011113102327.A58425@coloradosurf.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011113102327.A58425@coloradosurf.com>; from mike@coloradosurf.com on Tue, Nov 13, 2001 at 10:23:27AM -0700
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, Nov 13, 2001 at 10:23:27AM -0700, mike wrote:
> Hello,
> 
> I would like to chroot local users to the home directories when they ssh 
> in to the machine. `man 8 chroot` was not as enlightening as I had hoped ;).
> 
> Can someone please refer me to information on how I would set up chrooted
> home directories? The purpose of this is mainly to keep shell users in
> their own directories (and not nosing about in others').

You are probably best off just assigning user's directories with the
appropriate permissions, 0700 or something else restrictive.

OpenSSH does not natively support chroot(8)ing users. Doing so and
still having useful environments for the users is non-trivial.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message