On 06/14/12 17:48, Nick Holland wrote:
On 06/14/2012 08:55 AM, Kevin Chadwick wrote:
sshd_config ChrootDirectory not suit our needs.
Why doesn't it suit your needs (time to work out how to do it?), you
could just use a locked down file permission system perhaps even
including secondary groups.
Force command might come in handy as well as sudo too.
how WOULD it?
passwd has to alter files in /etc (and is setuid root), kinda keeps a
chroot from being overly useful.
I agree on the chroot part.
However, combining "Match Group ..." with "ForceCommand ..." would be my
first choice, but I have a perversion of wanting to use sshd for
everything. :-)
/Alexander
