recently i've worked on a small patch for openssh that chroots a user when
he logs in. it uses mysql for password auth. it is not posted anyware but
if you want it, send me a personal mail.
Ivan Dimitrov
System Administrator
Bastun Networks
On Fri, 26 Oct 2001, Javier [iso-8859-1] Fernández-Sanguino Peña wrote:
> I have been asked for this and I was trying to figure out how to do it
> (would document it later on in the Securing-Debian-Manual). So please,
> excuse me if you feel this is off-topic.
>
> The problem is, how can an admin restrict remote access from a given user
> (through telnet and/or sshd) in order to limit his "moves" inside the
> operating system.
>
> Chrooting the daemon is a possibility, but it's not tailored in a per-user
> basis but globally to all users (besides you need all the tools that users
> might want to use in the jail). I'm looking more into a jailed enviroment
> like proftpd's when you sed "DefaultRoot ~" (jails the user into his home
> directory but he's able to use all commands, without having to setup all
> the libraries in it).
>
> AFAIK, pam only allows to limit some user accesses (cores, memory
> limits..) not users "movement" in the OS
>
> Ideas?
>
> Regards
>
> Javi
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
