Date: Mon, 25 Jun 2018 19:45:02 +0200 From: Philipp Vlassakakis <freebsd-en@lists.vlassakakis.de> To: freebsd-questions@freebsd.org Subject: FreeBSD 11.1: chroot users / provide pre-built binaries Message-ID: <D380FEAE-77CE-4927-A610-B45000C0811E@lists.vlassakakis.de>
next in thread | raw e-mail | index | archive | help
Hello, everybody, I am currently looking for a good solution to my „problem“. Scenario: I have a fileserver with several hundreds local users. Each user should be locked into his $HOME (so they can’t cd into any other user-directory, /root etc.), but can login via SSH,SFTP and upload files. Via ZFS exec,devices,setuid is set to „off", so they can't execute any self-uploaded binaries, except binaries, which are provided by me. (cp, mv, rm, rmdir, sh, touch, chgrp, groups, pwd etc.). The binaries are included via $PATH. On the one hand I want to save space, so that the binairies don't have to be in every $HOME, on the other hand the work is reduced if a binary needs to be updated. Is there any simple way to lock users into their Home-Directory without editing sshd_config every time? Thanks in advance Regards, Philipp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D380FEAE-77CE-4927-A610-B45000C0811E>