Date: Mon, 25 Jun 2018 19:45:02 +0200 From: Philipp Vlassakakis <freebsd-en@lists.vlassakakis.de> To: freebsd-questions@freebsd.org Subject: FreeBSD 11.1: chroot users / provide pre-built binaries Message-ID: <D380FEAE-77CE-4927-A610-B45000C0811E@lists.vlassakakis.de>
next in thread | raw e-mail | index | archive | help
Hello, everybody, I am currently looking for a good solution to my =E2=80=9Eproblem=E2=80=9C= . Scenario: I have a fileserver with several hundreds local users. Each user should be locked into his $HOME (so they can=E2=80=99t cd into = any other user-directory, /root etc.), but can login via SSH,SFTP and = upload files.=20 Via ZFS exec,devices,setuid is set to =E2=80=9Eoff", so they can't = execute any self-uploaded binaries, except binaries, which are provided = by me. (cp, mv, rm, rmdir, sh, touch, chgrp, groups, pwd etc.). =20 The binaries are included via $PATH. On the one hand I want to save space, so that the binairies don't have = to be in every $HOME,=20 on the other hand the work is reduced if a binary needs to be updated. Is there any simple way to lock users into their Home-Directory without = editing sshd_config every time? Thanks in advance Regards, Philipp=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D380FEAE-77CE-4927-A610-B45000C0811E>