From: Garrett Cooper
Date: Fri, 27 Apr 2007 22:37:51 -0700
To: freebsd-questions@freebsd.org
Subject: Re: limited shell access

kalin mintchev wrote:
>> hi all..
>>
>> is it possible to limit access for certain users only to a certain
>> directory tree - other than his/her home directory?
>
> so... can i do that or not?
>
>> for example joe logs into his home directory where there is a symbolic
>> link to some other directory on the system but he can not go up a level
>> (to /home or / ) or anywhere else but home and the directory under the
>> symlink...
>>
>> i looked at the ssh and sshd confs but apparently nothing there... still
>> looking...
>>
>> thanks....

Yes, things like this can be done, but it involves a) making jails,
b) limiting (limit.conf(8)) accounts, and c) setting up proper
permissions so the user can write to all of the required files in their
directory (.profile, .ssh/, etc at least). A lot of work if you ask me
... :).

-Garrett