From owner-freebsd-questions@FreeBSD.ORG Sun Mar 27 16:51:44 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4083516A4CE for ; Sun, 27 Mar 2005 16:51:44 +0000 (GMT) Received: from post-23.mail.nl.demon.net (post-23.mail.nl.demon.net [194.159.73.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE2B543D3F for ; Sun, 27 Mar 2005 16:51:43 +0000 (GMT) (envelope-from albi@scii.nl) Received: from aseed.demon.nl ([83.160.138.119]:9932 helo=mail.aseed.antenna.nl) by post-23.mail.nl.demon.net with esmtp (Exim 4.43) id 1DFazG-0008Tx-P9 for freebsd-questions@freebsd.org; Sun, 27 Mar 2005 16:51:42 +0000 Received: from http.aseed.antenna.nl (unknown [192.168.0.50]) by mail.aseed.antenna.nl (Postfix) with ESMTP id E984D1545D9 for ; Sun, 27 Mar 2005 18:54:20 +0200 (CEST) Received: from localhost.localdomain (f80052.upc-f.chello.nl [80.56.80.52]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by http.aseed.antenna.nl (Postfix) with ESMTP id EBE5C58C82A for ; Sun, 27 Mar 2005 18:51:45 +0200 (CEST) Date: Sun, 27 Mar 2005 18:51:36 +0200 From: "albi@scii.nl" To: freebsd-questions@freebsd.org Message-Id: <20050327185136.0b4d652b.albi@scii.nl> In-Reply-To: <001a01c532e9$42017e10$6401a8c0@GRANT> References: <001a01c532e9$42017e10$6401a8c0@GRANT> X-Mailer: Sylpheed version 1.0.0 (GTK+ 1.2.10; i386-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Jails .... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Mar 2005 16:51:44 -0000 On Sun, 27 Mar 2005 11:23:05 -0500 "Grant Peel" wrote: > It seems to me, that for all the work of scponly shell to be setup, > why not just create a simple jail and allow ssh teminal access for > users? > > That having been said, is it possible to set up jails for existing > users that include only simple commands, like: > > ls > mkdir > rmdir > pico > rm > chown > chmod > > if so, are there any guru's who would like to type and explanation and > step by step how to here? i can think of one possible solution for this : 1) you create the jail (see : man jail [with one exception, i prefer a make world for the host and then use a make installworld for the jails instead of make world again for the jail]) 2) make /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin only accessible for root (and users for possible other services) and set the PATH to include a new dir e.g. /newbin/ which is accessible for users, and copy the shell (and possible other basic commands) they need in that dir too