José Luis Ledesma wrote: > You can do a chrooted enviroment (see above) And start de sshd witch chroot > <path of chrooted envirment> /sbin/sshd -f /etc/sshd_config > > Also you can specify the shell of the users in /etc/passwd as > /sbin/sftp-server if you only want to allow this users do a sftp. [...] > -rwsr-xr-x 1 root root 27920 Jun 3 13:46 passwd* [...] > -rws--x--x 1 root root 744500 Jun 3 13:46 slogin* [...] > -rws--x--x 1 root root 744500 Jun 3 13:46 ssh* [...]
Hint: you'd better have *no* SUID/SGID files in a chroot'd environment! If you absolutely want them to be able to change their password, you may do it using some pipe or socket interface hardly filtering parameters. A "real secured" chroot'd environment is a lot of work... Last time I tried this it took me a whole month to put together users, config files services and tools in the most secured & restrictive fashion I was able to imagine. And some folk still successed to down my workstation-server using a kernel bug (arround 2.0.3x if I remember well)... Argl! :) Cheers, J.C. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]