LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-23-2003, 09:42 AM   #1
macadam
Member
 
Registered: Sep 2003
Posts: 72

Rep: Reputation: 15
ssh limited access


Hi,

I want to give a SSH access to one of my users.
But I want him to have access to his home directory ONLY.
Or it seems that he can go up in the dir tree hierarchy.

For ftp, easy to do but for ssh, I can't find any info on how to do that.

Thanks for your help

macadam
 
Old 12-23-2003, 09:51 AM   #2
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
According to "man sshd_config" you can use AllowUsers to restrict this. Here's what is says
Quote:
shamlessly blagged from 'man sshd_config'
AllowUsers
This keyword can be followed by a list of user name patterns,
separated by spaces. If specified, login is allowed only for
users names that match one of the patterns. * and ? can be
used as wildcards in the patterns. Only user names are valid; a
numerical user ID is not recognized. By default, login is
allowed for all users. If the pattern takes the form USER@HOST
then USER and HOST are separately checked, restricting logins to
particular users from particular hosts.
HTH

Jamie...
 
Old 12-23-2003, 10:11 AM   #3
macadam
Member
 
Registered: Sep 2003
Posts: 72

Original Poster
Rep: Reputation: 15
thx I will try

regards,

macadam
 
Old 12-23-2003, 10:53 AM   #4
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
BTW - remember to restart sshd for the changes to take effect!

Jamie...
 
Old 12-23-2003, 10:58 AM   #5
macadam
Member
 
Registered: Sep 2003
Posts: 72

Original Poster
Rep: Reputation: 15
Well the allowusers statement does not restrict users to their home dir but gives only the possibility to login or not via ssh.
I only want a specific user to access his home directory and he must not be able to go up that directory...

Thanks for your help anyway
 
Old 12-23-2003, 12:03 PM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,930

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
It appears that allowusers will restrict logins not restrict the users environment.

It might be possible with the permituserenvironment option.
 
Old 12-23-2003, 01:48 PM   #7
Technoslave
Member
 
Registered: Dec 2003
Location: Northern VA
Posts: 493

Rep: Reputation: 30
All ssh is is a form of communication from one host to another that allows a user to login as if that user were on the box. It takes place of telnet, as in it gives "secured" communications.

The way to limit someones access once they've got in to the box is by assigning them a specially created shell that only allows them access to their directory.
 
Old 12-23-2003, 02:06 PM   #8
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
Sorry, I misread your question!

I agree with Technoslave, a restricted shell may be your best bet. Unless you can chroot sshd into say /home so only all homedirs are available.

cheers

Jamie...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Limited Network access on Suse 9.3 bwdave Linux - Networking 1 09-14-2005 01:36 PM
limited internal ip access saugato Linux - Security 3 07-20-2005 09:02 AM
Limited User Access Jakeh2k1 Red Hat 1 06-07-2005 08:03 AM
open_basedir - how do I provide limited access to other directories? benbroad Linux - Software 4 12-08-2004 07:07 AM
Limited SSH users race Linux - Software 3 10-18-2004 12:32 AM


All times are GMT -5. The time now is 04:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration