Le 12/08/2018 à 07:38, Rick Moen a écrit :
Quoting mett (m...@pmars.jp):
I m wondering about the best way to restrict a user after
he has ssh'd into his web folder.
Try a chroot jail.
https://www.tecmint.com/restrict-ssh-user-to-directory-using-chrooted-jail/
or
https://www.cyberciti.biz/faq/debian-ubuntu-restricting-ssh-user-session-to-a-directory-chrooted-jail/
If the users doesn't _need_ ssh access per se, you might consider
WebDAV, instead.
AFAIU, your goal is to provide the user a more productive way to
update his data. One of the most productive methods, to my knowledge, is
rsync, however I haven't examined the way to use it in your conditions.
Running an rsync server on your host is not very secure because the
passwords are stored unencrypted on the host and must be set by the
admin, unless you provide a dedicated app to do it.
But allowing ssh connections with a restricted shell permitting
only the commands used by rsync could be the way. But you would probably
need to forbid the fancy features of ssh, like port forwarding.
Didier
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
