From owner-freebsd-questions@FreeBSD.ORG Thu Jan 29 05:31:47 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA89516A4CE for ; Thu, 29 Jan 2004 05:31:47 -0800 (PST) Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 38C4E43D62 for ; Thu, 29 Jan 2004 05:31:34 -0800 (PST) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.no-ip.com ([66.30.196.44]) by comcast.net (sccrmhc12) with ESMTP id <20040129133133012003ci0pe>; Thu, 29 Jan 2004 13:31:33 +0000 Received: by be-well.no-ip.com (Postfix, from userid 1147) id 64722B1; Thu, 29 Jan 2004 08:31:33 -0500 (EST) Sender: lowell@be-well.ilk.org To: Gautam Gopalakrishnan References: <5.2.0.9.2.20040128211822.01d40390@pop.voyager.net> <44hdyfa29s.fsf@be-well.ilk.org> <20040129034148.GA99912@madras.dyndns.org> From: Lowell Gilbert Date: 29 Jan 2004 08:31:33 -0500 In-Reply-To: <20040129034148.GA99912@madras.dyndns.org> Message-ID: <44y8rqanka.fsf@be-well.ilk.org> Lines: 26 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-questions@FreeBSD.ORG Subject: Re: locking a user into one directory X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2004 13:31:47 -0000 Gautam Gopalakrishnan writes: > On Wed, Jan 28, 2004 at 09:59:11PM -0500, Lowell Gilbert wrote: > > Dragoncrest writes: > > > > > I've seen this explained before, but I've never taken much > > > interest in it as I never had a need for it. Well, it's starting to > > > look like I do. What I'm wanting to do is give shell access to a user > > > to shell into the mail server, check their mail, and that's it. I > > > don't want them to be able to wander outside of their home directory. > > > I think it's called a jail, but I don't remember. Does anyone know > > > what it is I need and have a tutorial for it or know where I can find > > > one? Much appreciated. > > > > Um, you mean "man jail"? > > Or maybe "man chroot"... > > > Or you could use a restricted shell, maybe zsh or bash. > http://www.faqs.org/docs/bashman/bashref_75.html Sure, that could do it, depending on what's needed. If you're limiting the users because you don't trust them, you should stick with real security instead. Restricted shells are really more for keeping yourself from shooting yourself in the foot.