Find the answer to your Linux question:
Results 1 to 5 of 5
Hi, I really tried searching the internet for so many hours on top of my work but I haven't found the answer so Im asking for help again. Here's my ...
  1. 09-29-2008 #1
    luv
    luv is offline
    Just Joined!
    Join Date
    Aug 2004
    Posts
    55

    how to jail ssh



    Hi,

    I really tried searching the internet for so many hours on top of my work but I haven't found the answer so Im asking for help again.

    Here's my problem. I have a hosting account and I created an FTP user for a subdomain. The user(outsourced developer) of that subdomain needs SSH for SVN. I performed this as suggested in one of the forums and it worked -- "usermod -s '/bin/bash' <username>". But the problem is that the user can read other directories on the system. I want the user to stay in his home folder, e.g. "/var/www/vhosts/mydomain.com/subdomain/ftpuser".

    Please dont suggest something like jailkit because Im not an expert on this. I tried reading but I dont want to perform it because it might cause some problems that I dont know how to fix.

    I hope you can help.

    Thank you.
    Reply With Quote Reply With Quote
  2. 10-03-2008 #2
    alexshd
    alexshd is offline
    Just Joined!
    Join Date
    Oct 2008
    Location
    Tel Aviv,Israel
    Posts
    11
    Hi
    If you are using RPM based distro /etc/security/chroot.conf file can help you.
    If not tell me what distro are you ussing and I will try to help you.
    Reply With Quote Reply With Quote
  3. 10-08-2008 #3
    luv
    luv is offline
    Just Joined!
    Join Date
    Aug 2004
    Posts
    55
    Hi alexshd,

    In what way the chroot.conf file can help? Sorry, Im a complete noob when it comes to user management.

    My web host has CentOS and I have Debian in the office.

    Thanks.

    Quote Originally Posted by alexshd View Post
    Hi
    If you are using RPM based distro /etc/security/chroot.conf file can help you.
    If not tell me what distro are you ussing and I will try to help you.
    Reply With Quote Reply With Quote
  4. 12-01-2008 #4
    pnorten462
    pnorten462 is offline
    Just Joined!
    Join Date
    Nov 2008
    Posts
    8

    Thumbs up RE : how to jail ssh

    I will search for this and than i will give you your answer.
    Reply With Quote Reply With Quote
  5. 12-01-2008 #5
    darkblue
    darkblue is offline
    Just Joined! darkblue's Avatar
    Join Date
    Nov 2008
    Location
    London
    Posts
    24
    Oops, Sounds like you made the same mistake, I did couple of days ago!
    here is what can be done..
    First turn off your apache generosity,

    setfacl -R -m o::---,default:o::--- dir
    dir = e.g. "/var/www/vhosts/mydomain.com/subdomain/ftpuser"

    now give some privileges to user
    setfacl -R -m u:apache:r dir
    setfacl -R -m u:headache:rw dir
    lol... headache = person who is accessing things unnecessarily!

    now turn off, file viewing generosity
    setfacl -R -m o::---,default:o::--- dir
    now play with apache:

    setfacl -R -m default:u:$USER:rwx dir
    again, dir = eg. "/var/www/vhosts/mydomain.com/subdomain/ftpuser"

    setfacl -R -m u:apache:rwx dir



    Lemme know if setfacl worked for you on your distro!


    cheers!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules