Old 06-22-2002, 12:29 AM   #1 (permalink)
sde
jail/ chroot / whatever it's called.. how do i?

i want to allow a user to access my linux debian box.

i don't want them to be able to see my entire directory .. only the directory i specify as theirs. .. kinda like how web hosts do it.

they will need ftp and ssh access .. how can i lock them to their one directory, and not let them view anything above their home?


any ideas?
Old 06-22-2002, 02:15 AM   #2 (permalink)
redhead
You could use any of the restricted shells..
r*sh, rbash is bash in restricted mode, rsh is sh in restricted mode.
http://www.lns.cornell.edu/public/CO...f_7.html#SEC77
As default BSD will trap users in a restricted mode, if their shell is beginning with a 'r'
__________________
Don't worry Ma'am, We're university students, We know what We're doing.
-----
If you pull the pin, Mr.Grenade would no longer be your friend.
-----
01000111 01101111 00100000 01000011 00100000 00100001
Old 06-22-2002, 08:23 AM   #3 (permalink)
sde
thanks a lot redhead. that's the first time i've had that type of control over a user's login.. but i need to do something a little different.

that restricted the user to only their home directory. so even if they create a subdirectory themselves, they can not use the "cd" command to get in it.

also, for some reason, ftp would not work for that user when i restricted them.

i need to read more here.
Old 06-22-2002, 01:51 PM   #4 (permalink)
redhead
Quote:
Originally posted by mmilano

that restricted the user to only their home directory. so even if they create a subdirectory themselves, they can not use the "cd" command to get in it.
Hmm... never tried anything that restricted.. Only the 'cd ..' restriction..

Quote:
Originally posted by mmilano
also, for some reason, ftp would not work for that user when i restricted them.

i need to read more here.
The reason why ftp won't accept login into a restricted shell is because it's not listed in /etc/shells, put the r*sh you're using in there as well, and ftp has access to it.
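A check for the /etc/shells point in the reply above, as an added example that is not part of the original posts: it lists accounts whose login shell is missing from the shells file, which is the condition that makes an ftp daemon consulting /etc/shells refuse the login. The function names and sample data are constructed for illustration, and the comment handling is an approximation of how the system reads that file.

```shell
#!/bin/sh
# Added example, not code from the thread. Files are passed as arguments so
# the check can be run against copies of /etc/passwd and /etc/shells.

# Print "user:shell" for every passwd entry whose login shell is not listed
# in the shells file. Comments and blank lines in the shells file are
# ignored; an empty shell field in passwd is treated as /bin/sh.
unlisted_shells() {
    passwd_file=$1
    shells_file=$2
    awk -F: '
        FILENAME == ARGV[1] {            # first file: the shells list
            sub(/#.*/, "")               # drop comments
            gsub(/^[ \t]+|[ \t]+$/, "")  # trim surrounding whitespace
            if ($0 != "") ok[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7
            if (!(shell in ok)) print $1 ":" shell
        }
    ' "$shells_file" "$passwd_file"
}

# Constructed sample: guest has a restricted shell that is not yet listed.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# shells file (constructed)' '/bin/sh' '/bin/bash' \
        > "$tmp/shells"
    printf '%s\n' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'guest:x:1001:1001::/home/guest:/bin/rbash' \
        > "$tmp/passwd"
    unlisted_shells "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

demo
```

On a real system, service accounts with a no-login shell will usually show up in the output as well; only the accounts that are meant to log in over ftp need their shell listed.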
Old 06-22-2002, 04:23 PM   #5 (permalink)
sde
Quote:
Originally posted by redhead
Hmm... never tried anything that restricted.. Only the 'cd ..' restriction..
i don't want it to restrict 'cd' , but it is restricting that command for some reason. =/
Old 06-22-2002, 04:46 PM   #6 (permalink)
sde
ok, i found a patch, but how do i install it?

here is a link that says something about it ..
http://bugs.debian.org/cgi-bin/bugre...no\&bug=139047

and here is a link to the patch:
http://www.cag.lcs.mit.edu/~raoul/op...1-chroot.patch

but what the heck do i do with the patch?
Old 06-22-2002, 11:44 PM   #7 (permalink)
redhead
Quote:
Originally posted by mmilano
ok, i found a patch, but how do i install it?
here is a link to the patch:
http://www.cag.lcs.mit.edu/~raoul/op...1-chroot.patch

but what the heck do i do with the patch?
Download it, get the source for your openssh, untar/gz it, enter the openssh-3.1p1 dir that emerges and issue the command:
patch -p1 < /the/downloaded/openssh-3.1p1-chroot.patch

Make sure it's the openssh-3.1p1 version you use it on, since there's already a 3.3p1 version, but this patch was originally made for 3.1p1.
Then just use your regular:
./configure --with-chroot && make && make install

Restart your sshd, and you can now use chrooted $HOME via ssh.