From owner-freebsd-security  Thu Aug 15 11:59:58 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C9C4D37B400
	for <security@freebsd.org>; Thu, 15 Aug 2002 11:59:54 -0700 (PDT)
Received: from tesla.foo.is (tesla.reverse-bias.org [217.151.166.96])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 14CAF43E6E
	for <security@freebsd.org>; Thu, 15 Aug 2002 11:59:54 -0700 (PDT)
	(envelope-from baldur@foo.is)
Received: from there (eniac.foo.is [192.168.1.25])
	by tesla.foo.is (Postfix) with SMTP
	id 540AE27A0; Thu, 15 Aug 2002 18:59:47 +0000 (GMT)
Content-Type: text/plain;
  charset="iso-8859-15"
From: Baldur Gislason <baldur@foo.is>
To: Philip Paeps <philip@paeps.cx>
Subject: Re: Chroot environment for ssh
Date: Thu, 15 Aug 2002 18:58:54 +0000
X-Mailer: KMail [version 1.3.2]
References: <20020815134341.GO1144@juno.paeps.cx>
In-Reply-To: <20020815134341.GO1144@juno.paeps.cx>
Cc: security@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20020815185947.540AE27A0@tesla.foo.is>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

/usr/ports/security/ssh2 has that feature built in, it can chroot certain 
users or users that are members of certain groups.

Baldur

On Thursday 15 August 2002 13:43, you wrote:
> Hi guys -
>
> I'm in the process of setting up a form of fileserver, and I'd like for my
> users to be able to work only in their home directories, not anywhere else.
>  I would like to use SSH for the connections, as opposed to FTP, but I
> don't want users to be able to log into an interactive shell (only
> SCP/SFTP) and I don't want them to 'escape' out of their home directories.
>
> Anyone have any ideas on how I'd go about doing this?  I've been fiddling
> with chrsh (a 'chroot shell') but it's not really what I want.
>
> (I was debating with myself whether to post this on -questions of
> -security, I hope I chose wisely in the end).
>
> Thanks!
>
>  - Philip

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message