Can someone tell me how to set up the bash profile so that when a user logs in, bash -r is executed giving them restricted shell?

Thanks in advance,

Terry

Not in the profile but by linking /path/to/bash to /path/to/rbash and using /path/to/rbash in their passwd entry. You may have arrived at the conclusion Rbash serves your purposes based on you 0) not knowing anything else, 1) not wanting to fiddle with depencencies like required for a proper chroot jail or 2) some other reason, but please note of all the access restriction measures you can implement Rbash actually is one of the weakest ones. If you post exactly what you require Rbash for maybe we could help you more or better...

Yes, I guess it would help to be more specific. I need to improve secutiry on my FTP server. Specifically logins via sftp from leaving their home directory. I've managed to lock down ftp logins by modifying the vsftpd.conf file. It appears that my best recourse is building a chroot jail, something I'm not familiar with.

From the testing I've recently done, modifying the shell doesn't affect SFTP logins, so the rbash scenario is out the window. The OS on this server is CentOS 5.3 if that helps.

Any help/advice is appreciated.

Terry

You're in luck. Not only for having chosen a robust FTP daemon with a good security record, but one with extensive documentation (no hidden sarcasm there). So all you have to want to do is read /usr/share/doc/vsftpd-.*/EXAMPLE/.*.


Yeah, SFTP != FTPS. Since version 4.9 OpenSSH has chroot functionality (as in chrootssh.sourceforge.net) built in, else there's Rssh and SCPOnly. If yous earch this forum you're bout to find threads, else check out http://www.linuxquestions.org/questi...oblems-597142/.

thanks very much for you input and advice. I'll check out the documentation.

Regards,
Terry