On Mon, Jun 28, 2004 at 08:21:31PM +0200, Robert Cates wrote:
>Hi,
>
>I don't exactly like the idea of having to set up a "mini-system" in
>everybody's home dir, so maybe the Jailkit will be the answer.(?) Somehow
>I'm a little surprised that the OpenSSH project hasn't provided this feature
>in SSH and sftp that I'm looking for. Maybe somebody knows the reason why?
>I think my next e-mail will be to the OpenSSH project ;-)

proftp will allow chroot access to each user's home dir. You can do that
and/or give ssh/sftp restricted access with group permissions. All remote
ssh/sftp users get a gid of 'jail', then all directories and executables they
cannot have access to get set gid 'jail' with mode 705; individual no-access
files get gid 'jail' with mode 604. Then they can use regular system files to
log in etc., but when they try to access /usr/sbin or some files in /usr/bin
as gid 'jail' they are denied access, because mode 705 blocks members of the
group but not the User and Other permissions, so regular system operations
work.

I just made that up. There will probably be some quirks to work out. I would
suggest making a script to back up existing modes/gid and restore custom or
default perms. 'id' and 'find -printf' are your friends.

Best,
// George

--
George Georgalis, Architect and administrator, Linux services. IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]
Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631
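
The group-deny scheme and the backup/restore script suggested in the reply above, as an added example that is not part of the original message. The helper names `perms_backup`, `jail_deny` and `perms_restore` and the tab-separated snapshot format are assumptions, and GNU find is required for `-printf`.

```shell
#!/bin/sh
# Added example: helper names and the snapshot format are assumptions.
# Requires GNU find for -printf.

# perms_backup DIR SNAPSHOT
# Record "octal-mode <TAB> numeric-gid <TAB> path" for each file and directory.
perms_backup() {
    find "$1" \( -type f -o -type d \) -printf '%m\t%G\t%p\n' > "$2"
}

# jail_deny GROUP PATH...
# Hand each path to GROUP and clear the group permission bits: 705 for
# directories and executables, 604 for other files. Owner and Other keep
# their access, members of GROUP lose theirs because the group class is
# checked before Other.
jail_deny() {
    group=$1; shift
    for path in "$@"; do
        if [ -d "$path" ] || [ -x "$path" ]; then mode=705; else mode=604; fi
        chgrp "$group" "$path" && chmod "$mode" "$path" || return 1
    done
}

# perms_restore SNAPSHOT
# Put back the recorded gid first, then the mode (chgrp can clear setuid and
# setgid bits, so chmod runs last). Paths containing newlines are not supported.
perms_restore() {
    tab=$(printf '\t')
    while IFS=$tab read -r mode gid path; do
        [ -e "$path" ] || { echo "skip (missing): $path" >&2; continue; }
        chgrp "$gid" "$path" && chmod "$mode" "$path" || return 1
    done < "$1"
}
```

Take the snapshot before the first `jail_deny` call and keep it outside the tree being changed. Mode 705 also drops any setuid or setgid bit a file had, which the snapshot lets you put back.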