OpenSSH and Chroot question
I'm looking for suggestions on the best way to implement the following with security in mind. I've been using Linux for about a year so this is my most daunting task yet.
I'm building a torrent seedbox that will have the ability to run multiple instances for a mulit user setup. I want to have it customized so each user is isolated and can only see their directories with no ability to browse the entire filesystem. I want to use openSSH sftp so the client can connect via winscp from a windows box. Also, I need to find a way to give the user the ability to stop or start the binary or control the daemon of the torrent application as well.
I've read about the functionality of chroot jails and was originally intending to use the chroot directory feature of openSSH but I need the ability for the user to be able to control the specified daemon. Can this be done with some sort of login script, remote launch script or through a restricted shell? Some of the chroot jail configurations involve copying shared libraries and other dependencies over to the jail directories and it all seems a bit overwhelming however I'm willing to learn. Just hoping somebody will give me some direction to see if I'm doing it the best way with security in mind. It's ultimately a learning project as after a year I'm hooked on 'nix.
Regards,
|