From owner-freebsd-questions  Thu Oct 10  8:32:57 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9A38C37B401
	for <freebsd-questions@freebsd.org>; Thu, 10 Oct 2002 08:32:56 -0700 (PDT)
Received: from samson.sentinelchicken.net (h-64-105-205-76.CMBRMAOR.covad.net [64.105.205.76])
	by mx1.FreeBSD.org (Postfix) with SMTP id B4DE443E42
	for <freebsd-questions@freebsd.org>; Thu, 10 Oct 2002 08:32:55 -0700 (PDT)
	(envelope-from jwm@sentinelchicken.net)
Received: (qmail 80580 invoked by uid 1000); 10 Oct 2002 15:31:55 -0000
Date: Thu, 10 Oct 2002 11:31:55 -0400
From: Jason Morgan <jwm-freebsd@sentinelchicken.net>
To: freebsd-questions@freebsd.org
Subject: Re: SSH/FTP Access
Message-ID: <20021010153155.GB80376@sentinelchicken.net>
References: <200210100428.g9A4SGU20412@mx.datasync.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200210100428.g9A4SGU20412@mx.datasync.com>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Oct 09, 2002 at 11:28:16PM -0500, DiaDems@Datasync.com wrote:
> Just wondering is there a way to limit SSH access (when adding a user or period) so that user can only use SSH to access or effect their home directory?

With ssh2 you can use chroot to limit access to other dirs. In your config:

ChRootUsers user1,user2,user3

you can also restric groups the same way:

ChRootGroups group1,group2,group3

Just don't forget to hardlink any system files into their directories so they can actually use their accounts. 

Note: I've never done this myself and I just pulled the 'how-to' from O'Reilly's SSH book. This is a great resource,
and I recommend you get a copy.

> 
> Also is there a way to give (and limit) a user FTP access to another users home directory?

You mean besides changing permissions?

> Thanks!
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message