Date: Thu, 15 Aug 2002 19:33:19 +0200
From: Philip Paeps
To: Ken Ebling
Cc: freebsd-security@freebsd.org
Subject: Re: Chroot environment for ssh
Message-ID: <20020815173319.GA91830@juno.paeps.cx>

On 2002-08-15 18:27:58, Ken Ebling wrote:
> On Thu, Aug 15, 2002 at 03:43:41PM +0200, Philip Paeps wrote:
> > Anyone have any ideas on how I'd go about doing this? I've been fiddling
> > with chrsh (a 'chroot shell') but it's not really what I want.
>
> My apologies, I didn't read the entire message. =) Why are you
> dis-satisfied with chrsh? Having to create /etc & /bin dirs for each user,
> etc?

Precisely. The users won't ever be getting shell access (they don't need it), so it's pretty much pointless to give them a bin, etc, and home directory. Additionally, it makes it particularly burdensome to create new users quickly. Of course, I could work with an adduser script and have all sorts of skeletons, but it's a bit of overkill simply for uploading.

 - Philip

-- 
Philip Paeps philip@paeps.cx
http://www.paeps.cx/ +32 486 114 720