Find the answer to your Linux question:
Results 1 to 5 of 5
Hi, I really tried searching the internet for so many hours on top of my work but I haven't found the answer so Im asking for help again. Here's my ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    luv
    luv is offline
    Just Joined!
    Join Date
    Aug 2004
    Posts
    55

    how to jail ssh


    Hi,

    I really tried searching the internet for so many hours on top of my work but I haven't found the answer so Im asking for help again.

    Here's my problem. I have a hosting account and I created an FTP user for a subdomain. The user(outsourced developer) of that subdomain needs SSH for SVN. I performed this as suggested in one of the forums and it worked -- "usermod -s '/bin/bash' <username>". But the problem is that the user can read other directories on the system. I want the user to stay in his home folder, e.g. "/var/www/vhosts/mydomain.com/subdomain/ftpuser".

    Please dont suggest something like jailkit because Im not an expert on this. I tried reading but I dont want to perform it because it might cause some problems that I dont know how to fix.

    I hope you can help.

    Thank you.

  2. #2
    Just Joined!
    Join Date
    Oct 2008
    Location
    Tel Aviv,Israel
    Posts
    11
    Hi
    If you are using RPM based distro /etc/security/chroot.conf file can help you.
    If not tell me what distro are you ussing and I will try to help you.

  3. #3
    luv
    luv is offline
    Just Joined!
    Join Date
    Aug 2004
    Posts
    55
    Hi alexshd,

    In what way the chroot.conf file can help? Sorry, Im a complete noob when it comes to user management.

    My web host has CentOS and I have Debian in the office.

    Thanks.

    Quote Originally Posted by alexshd View Post
    Hi
    If you are using RPM based distro /etc/security/chroot.conf file can help you.
    If not tell me what distro are you ussing and I will try to help you.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Nov 2008
    Posts
    8

    Thumbs up RE : how to jail ssh

    I will search for this and than i will give you your answer.

  6. #5
    Just Joined! darkblue's Avatar
    Join Date
    Nov 2008
    Location
    London
    Posts
    24
    Oops, Sounds like you made the same mistake, I did couple of days ago!
    here is what can be done..
    First turn off your apache generosity,

    setfacl -R -m o::---,default:o::--- dir
    dir = e.g. "/var/www/vhosts/mydomain.com/subdomain/ftpuser"

    now give some privileges to user
    setfacl -R -m u:apache:r dir
    setfacl -R -m u:headache:rw dir
    lol... headache = person who is accessing things unnecessarily!

    now turn off, file viewing generosity
    setfacl -R -m o::---,default:o::--- dir
    now play with apache:

    setfacl -R -m default:u:$USER:rwx dir
    again, dir = eg. "/var/www/vhosts/mydomain.com/subdomain/ftpuser"

    setfacl -R -m u:apache:rwx dir



    Lemme know if setfacl worked for you on your distro!


    cheers!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •