PhloxLot |
08-02-2009 08:00 PM |
limit what folder a user can access when using ssh and an editor
I have a jail setup on a server where my students logon using ssh and they program using vim. My jail setup currently allows them to only work in the directory /home/jail/home/username and only issue select shell commands. I would like to extend the use of an editor or IDE but I don't know how to prevent them from going "up-stream"(outside of their own folder) when they do a file-->open, or edit or save from the editor.
When they open an editor from their ssh terminal window, are they opening a child process or an completely independent process? If they are opening a child process, I have a script that filters their commands and limits what they can do. I would think that I could filter commands issued from the editor within this script. Correct? If not, how would I do it?
|