From owner-freebsd-questions Mon Mar 5 9:47:47 2001 Delivered-To: freebsd-questions@freebsd.org Received: from smtpf.casema.net (smtpf.casema.net [195.96.96.173]) by hub.freebsd.org (Postfix) with SMTP id 07CA137B719 for ; Mon, 5 Mar 2001 09:47:44 -0800 (PST) (envelope-from walter@binity.com) Received: (qmail 13576 invoked by uid 0); 5 Mar 2001 17:47:41 -0000 Received: from unknown (HELO slash.b118.binity.net) (195.96.105.172) by smtpf.casema.net with SMTP; 5 Mar 2001 17:47:41 -0000 Received: from tsunami.b118.binity.net (tsunami.b118.binity.net [172.18.3.10]) by slash.b118.binity.net (Postfix) with ESMTP id 5E71510E; Mon, 5 Mar 2001 18:46:59 +0100 (CET) Date: Mon, 5 Mar 2001 18:48:58 +0100 From: Walter Hop X-Mailer: The Bat! (v1.51) Educational X-Priority: 3 (Normal) Message-ID: <164186379910.20010305184858@binity.com> To: "G D McKee" Cc: "peter pajak" , freebsd-questions@FreeBSD.ORG Subject: Re: Jail USER in HOME dir In-Reply-To: <001501c0a58f$79ca95c0$0500a8c0@gdmckee.local> References: <001501c0a58f$79ca95c0$0500a8c0@gdmckee.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [in reply to freebsd@gdmckee.com, 05-03-2001] >> >How can I stop a user leaving their home dir? >> > >> >Gordon >> >PS Please can you reply direct as I am not currently subscribed to the >> >mailing list > > Has anyone got any ides that work? Yes. I have compiled and set up "chrsh" with success on a shell box I administer. http://www.aarongifford.com/computers/chrsh.html Beware for a false sense of security, though. The shell is probably not the only means of traveling through the filesystem; if you run a shared webserver or allow people to use scripts somewhere (in procmail for example), you cannot guarantee this type of security. If you need help in setting up a convenient jail environment for day-to-day use email me back. I would write something about this, if it weren't for my exams.... walter -- "There's a time when you have to give the customer trouble if that is what they are asking for. If they truly want NT then provide it to the best that it can be done and then when it falls apart, you can tell them: ``OK, now that we have gone down that road and you have satisfied yourself that it's worthless, let me do it the right way for you now.''" -- Ted Mittelstaedt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message