LinuxQuestions.org

paroxsitic 04-03-2007 03:25 PM

Locking SSH user to home directory.
 
It is my understanding that I have to look more into chroot. Upon research I've found chroot is used mostly for making community jails. That is, a directory like /home/jail is used as a fake root. Each user who is part of the jail has a normal /home/jail/home/username home, and it seems to them they are not in a jail. It's mostly like this because jails require their own bin and lib files among other things, and this is also the way you can pick and choose which commands your jailed users run.

I don't need some fancy emulated effect of a root. I am mostly interested in keeping users out of other users' home directories. It would be ideal if by simply trying to cd out of their home directory they get a PERMISSION DENIED.

I have already achieved this with FTP by means of proftpd. Now I'd like this same setup for SSH and SFTP. Any and all information that contains the most basic and simplistic way I can set up this security will be appreciated.

TomGibbons 04-03-2007 03:36 PM

Quote:

Originally Posted by paroxsitic
...I am mostly interested in keeping users out of other users' home directories...

Well they shouldn't have access to other users' home directories at all anyway, unless your permissions are jacked up. Have you tried it and successfully moved into the home directory of another user?

paroxsitic 04-03-2007 05:50 PM

Quote:

Originally Posted by TomGibbons
Well they shouldn't have access to other users' home directories at all anyway, unless your permissions are jacked up. Have you tried it and successfully moved into the home directory of another user?

My permissions must be jacked up then. I need their /home/username/www and home/username/palace/media; both of these have to be executable by anyone, to my understanding. Both of them are just symbolic links to websites, and Apache says you don't have permission to view the files when I get rid of executable rights for their home directory.

I also don't want the home directory to be visible at all. One reason is that when you ls -l the home directory it shows all the user names. I could have their home directory named something besides their username, but then my webmin modules use the logged-in user for reference.
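
As an added example (not from any poster in this thread), the script below reports what users outside a directory's owner and group can do with it, which is the distinction the last post runs into: the execute bit alone lets Apache reach a known path such as www, while the read bit is what lets ls show the names. It assumes GNU stat, and the temporary tree and the user names alice, bob and carol are constructed sample data.

```bash
#!/bin/bash
# Added example: report what users outside the owner and group ("other")
# can do with a directory, judged from its mode bits alone.

other_access() {
    # Prints one of: list+traverse | traverse-only | names-only | none
    local mode o
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat: octal mode, e.g. 711
    o=$((mode % 10))                        # last digit = bits for "other"
    case $o in
        5|7) echo "list+traverse" ;;  # r-x: ls works, and paths inside resolve
        1|3) echo "traverse-only" ;;  # --x: known paths resolve, ls is denied
        4|6) echo "names-only" ;;     # r--: names readable, nothing reachable
        *)   echo "none" ;;           # ---: e.g. Apache cannot reach ~/www
    esac
}

audit_homes() {
    # One line per directory: the base itself, then each home under it.
    local base=$1 d
    printf '%-14s %s\n' "$base" "$(other_access "$base")"
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        printf '%-14s %s\n' "$(basename "$d")" "$(other_access "$d")"
    done
}

demo() {
    # Constructed sample tree standing in for /home (user names are made up).
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/alice/www" "$root/home/bob/www" "$root/home/carol/www"
    chmod 711 "$root/home"        # user names are not listable by others
    chmod 755 "$root/home/alice"  # anyone can browse alice's files
    chmod 711 "$root/home/bob"    # www reachable by path, home not listable
    chmod 700 "$root/home/carol"  # private, but the web server is locked out
    audit_homes "$root/home"
    rm -rf "$root"
}

demo
```

Run against a real /home, `audit_homes /home` flags any home that still reports list+traverse; traverse-only on both /home and each user's directory is the combination that keeps a web server working without exposing names or file listings.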


All times are GMT -5.