Ok, everyone. ext[23] has POSIX ACL support. Why not ACL some group out of any dir off of "/" they don't need, and only give them execute on /bin, /usr, /usr/bin, etc etc.
Or something to that effect. ACLs are great for all kinds of mischief, but they can be difficult to maintain if you don't design things well before you start changing things. Also, you might want to make sure either tar, cpio, or whatever other backup tool support these things. I don't know if ACLs are currently supported through some sort of EAs or what. Just a thought. On Thu, 2003-07-31 at 11:24, Patrick Börjesson wrote: > > >> > some users on my server have SSH access to the machine, but I > > >don't> > want them to be able to leave their home directories (ee. > > >> > /home/userXYZ). > > >> > > > >> > What is the "best" way to implement this, does anybody know? > > >> > Greetings and TIA, Matthias > > > > # adduser luser > > # ln -s /bin/bash /bin/rbash > > # echo "/bin/rbash" >> /etc/shells > > # chsh -s /bin/rbash luser > > # cd ~luser > > # su luser > > $ > > > > and then: > > > > $ cd / > > rbash: cd: restricted > > > > > > Does that accomplish what you are looking for? > > Although I don't have a better idea, I don't think that's what he's > looking for since luser won't be able to navigate through his/her > home-directory at all (according to bash's man-page, search for rbash). > > Patrick Börjesson -- [EMAIL PROTECTED] mailing list
