From owner-freebsd-isp Tue Dec 30 22:07:52 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id WAA04167 for isp-outgoing; Tue, 30 Dec 1997 22:07:52 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id WAA04138 for ; Tue, 30 Dec 1997 22:07:32 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id RAA16665; Wed, 31 Dec 1997 17:07:12 +1100 (EST) Date: Wed, 31 Dec 1997 17:07:12 +1100 (EST) From: "Daniel O'Callaghan" To: Ernie Elu cc: freebsd-isp@FreeBSD.ORG Subject: Re: Virtual Telnet In-Reply-To: <199712310434.OAA10677@spooky.eis.net.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 31 Dec 1997, Ernie Elu wrote: > I know it is not too hard to set up a virtual domain, website, and ftp site > for a client, but is it possible to have a restricted login? > > By that I mean if you have a freebsd system hosting www.xyz.com and the > client wants to be able to telnet in to hand edit files, is it possible to > restrict their access to only their home directory and its subdirectories? > > Sort of an automated chroot thing you can't bypass I guess. Build a chrooted area with /etc, /bin, /usr/bin, /usr/lib, /usr/libexec files which are necessary. Change inetd to run telnetd.sh and have telnetd.sh do: ----- #!/bin/sh cd /newroot /usr/sbin/chroot . exec /usr/libexec/telnetd ----- Danny