2011/5/4 Peter Vereshagin <pe...@vereshagin.org>: > Wake me up when September ends, freebsd-questions! > 2011/05/04 16:47:33 +0100 Chris Rees <utis...@gmail.com> => To krad : > CR> > > > > Is it possible to limit the SSH access? > CR> > > Regarding ssh login, I usually use "rbash" from the ports, that > CR> restricts > CR> Or you could have a special /bin-restricted that you nullfs mount into > CR> ~userN/bin. > > > I personally should like to have a quick recipe on how to create such a > limited > set of binaries ( libraries, mans, etc., each mounted with nullfs read-only > to > every such a user's home ) from the 'world' build. > Some options like the rsync I consider to be a must in some cases so this > should include the ports availability, isn't it? >
Hehe, big can of worms here. Plenty of opportunity to break out of a chroot, as well as the fact that it's largely discredited as a security mechanism [1]. Someone mentioned Jails earlier, probably a better idea. Chris [1] http://kerneltrap.org/Linux/Abusing_chroot _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
