From owner-freebsd-questions@FreeBSD.ORG Tue May 30 08:56:09 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0EE5016A6CE for ; Tue, 30 May 2006 08:56:09 +0000 (UTC) (envelope-from dead_line@hotmail.com) Received: from hotmail.com (bay20-f5.bay20.hotmail.com [64.4.54.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3F9C43D48 for ; Tue, 30 May 2006 08:56:08 +0000 (GMT) (envelope-from dead_line@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 30 May 2006 01:56:08 -0700 Message-ID: Received: from 62.150.131.187 by by20fd.bay20.hotmail.msn.com with HTTP; Tue, 30 May 2006 08:56:06 GMT X-Originating-IP: [62.150.131.187] X-Originating-Email: [dead_line@hotmail.com] X-Sender: dead_line@hotmail.com In-Reply-To: <016a01c68389$0a99fd20$5ac8a8c0@loui> From: "Marwan Sultan" To: gil@asol.com.ph Date: Tue, 30 May 2006 08:56:06 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 30 May 2006 08:56:08.0484 (UTC) FILETIME=[E45F1E40:01C683C6] Cc: freebsd@amadeus.demon.nl, questions@freebsd.org, dimitar.vassilev@gmail.com Subject: Re: User Access restriction. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 May 2006 08:56:18 -0000 Hello, Yes, I understand that To lockup a user from navigating outside their home directories through ftp, I simply can add them to /etc/ftpchroot and when a user connects It wont allow him to go any level higher than his Home Directory. No need for proftpd as additional port, because the base system will do it throu /etc/ftpchroot BUT!! The user can connect through SSH and navigate, Here where my information stops, 2 questions, 1) How do I have a list from few users to disallow them using SSH? is there any where i add a user to disallow him from using SSH? 2) If I want to lock the user through his SSH session not FTP session whats the way? Is jail the only way? no easier way? chroot can do it? how if yes? or whats the alternatives? Thank you guys for following up with me. Marwan > >to restrict users from navigating outside their home directories through >FTP try using an FTP server that support chrooting. you might want to check >proftpd. http://www.proftpd.org/ >it is also included in the ports collection. > >hope this helps :) > > >================================= >Gil A. Virtucio >Janitor/Kolektor/Messenger/Driver >Asia Solution Phillippines Inc. >28/F Antel Global Corporate Center >3 Doņa Julia Vargas Avenue, >Ortigas Center, Pasig >Office # : +63-2-687-0692 loc. 103 >Mobile # : +63-916-3989695 >http://www.gihl.eu.org/ >================================= >----- Original Message ----- From: "Marwan Sultan" >To: >Sent: Tuesday, May 30, 2006 5:15 AM >Subject: User Access restriction. > > >>Hello Everyone, >> >> I have a server Up and running, 4.8-R, (well why 4.8? its up since >>years) >> However, this server is for commercial use, recently, we started Home >>pages hosting, >> which requier me to give the user access to the shell, >> >> Well, the question, >> >> Lets say, I have 2 groups, Group1, Group2 >> under Groupe1 is the webpages shell accounts (user accounts) >> and group2, just shell users, >> >> If user1 from Group1 will ftp or ssh to the box, his default home path >>will be >> /home/group1/user1 >>But, he still can navigate thro his FTP or ssh to see the directories and >>read files of group1 or >>group2, and play around lilbit, >> >>PLEASE how to restrict this user from going outside his shell account and >>restrict him from >>viewing others folders and webpages ? If i will chmod to something >>limited, then even when >>he browse the web to his webpage it wont work, >> >>So how to have the restriction in the same time viewing his web thro any >>browser worldwide? >> >>Sorry for the long email. >> >>Thank you, >>Marwan >> >>_________________________________________________________________ >>Express yourself instantly with MSN Messenger! Download today it's FREE! >>http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to >>"freebsd-questions-unsubscribe@freebsd.org" >> > >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to >"freebsd-questions-unsubscribe@freebsd.org" _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/