On Wed, 22 Apr 2009 11:21:06 -0600
Benny Helms <benny (at) egovmt (dot) com [email concealed]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> You always have the option of changing their login shell to
> '/bin/bash -s' which locks them in. Unfortunately, it also takes
> away their access to things like, 'ls' and 'cp' and 'vi', etc.,
> unless you include copies in their home folder.
>
> You also need to remember that some apps like 'vim' will allow a user
> a shell escape which can break the limits you set. Make sure to give
> them access only to the secure version. For 'vim' that would be
> 'rvim'.

thanks a lot for the rvim tip.
I am grateful to you to make me aware that vim allows shell access.

>
> Benny
>
>
> J. Bakshi wrote:
> > Dear list,
> >
> > I am running a remote suse server and need to give ssh access to
> > the users who can work on their particular web folder only. The
> > version of ssh server is openssh-5.0p1-21.1
> >
> > I have already did huge google search but could not find any sshd
> > features which can allow ssh users to restrict them in their home
> > directory. I have found some documentations where chroot or jailkit
> > is used to achieve this and these need some more configuration and
> > obviously "chown root:root <home-folder>" . But I need an option
> > which simply restrict ssh users so that they can't browse beyond
> > their home directory. It is also not possible to do "chown
> > root:root <home-folder>" as the folders which are used as home
> > directory are actually web folder under apache htdocs having apache
> > permission. I don't need sftp but ssh access. Is it really
> > impossible to have this feature through ssh technology ?
> >
> > Thanks
> >
>
> - --
>
> Benny Helms
> Unix SysAdmin
> Montana Interactive, LLC
> Office: 406-449-3468 Ext 230
> Mobile: 406-431-5927
> benny (at) egovmt (dot) com [email concealed]
> Registered Linux user #287649 at http://counter.li.org
>
>
> CONFIDENTIALITY NOTICE:
> This email and any attachments are confidential. If you are not the
> intended recipient, you do not have permission to disclose, copy,
> distribute, or open any attachments. If you have received this email
> in error, please notify us immediately by returning it to the sender
> and delete this copy from your system.
>
> Thank you.
> MT.gov / Montana Interactive
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQIcBAEBAgAGBQJJ71ICAAoJEI4JEV90z/PryDEP/jI7CXpy6wUKcfrIGtjPnqcE
> 7zFCBiUvgP9r5qbtV37JYxllb63V6WsjK557iIXY2s2AG/UJH+/1+B5WbDAz3Z3l
> 0eQ4XNFc9lYgtDIkuRZjfAbB4H0yIgtairyUe57jm1p+ER9LynoD2klobgj+SHjN
> gHhXJmDTeEgCaDnGFe4DavL7WrYeyLEKxS0Dbqt58aXPD54OiGRbrZNKlsIDGnZp
> QSI7phOT7yQ3laU8MF0S07d4f7qm+2GwBeZjTklycaGg5gVGripQtsLtjwEeqMU8
> 8vwq56TWVo7pWbnPgEXqfYtGtWfRaisZn/q0I0vheOj2gb7OSKwqRzerklXU9Mi4
> /TQVvJy9YG6bZPJzOjMaWPEP+kM75Uq45AqqCRGpLh2sF/eP4jsFHjbHthLWzRY3
> fEHqi0mVyTK1D+0++yopb9QGSmSsnoAn+SBFVwLJdhz7e3La3Yw9x9fvEptm/KvI
> cQcBSmnrnKzKSSC6oVfXDAOMzoZQedP8STalcm+WepdyNitWOwiUvyh0s/cXDT2x
> ohgYosZbRZuVs8PQ2b5Y94v9CvuzONodI4f3dz1cM0Jwd8bswKBUqZJkbwfdMqt3
> YBrhH6CFoF0Kck4pVIr9TEpT1GMrngOLOF0wDuHOWEh//2UwWwYKy541Ilz2QE+s
> i6kXJLKEENivE2eVwqkm
> =9d/u
> -----END PGP SIGNATURE-----

[ reply ]