Mailing Lists wrote:

> I want to set up a chrooted environment for certain users that are working
> on a web project (they have to access the machine directly, a rh51, via
> ssh, and be able to up/down files using ftp.)  Now, I know how to set up the
> ftp so that they are restricted to their homedir, can I do the same for ssh
> (telnet would be a last resort)?  I know I can run a chroot and force them
> into a dir, but I'm not able actually to run their entire session (or for
> that matter, their account itself) in a chrooted env.  They have to be able
> to use vi.  And if possible, lynx (to check the web site they are building)
> and pine (to receive and send their email), but that's not a priority for
> the moment.

Note: Trying to set up mail to work in a chrooted environment is
awkward. You can't access the spool or queue directories (either
directly or by running sendmail). Instead, the mail client would have
to use POP3/IMAP to receive mail and SMTP to send it.

In general, anything which involves accessing system-wide resources is
complicated, particularly anything which would involve lock files.

Setting up a chrooted environment requires knowing the details of
which files an individual program requires. E.g. curses-based programs
(such as Pine) will require a copy of the terminfo database. Anything
which performs time handling will require a copy of the timezone
files. And so on.

Trying to set up a chrooted interactive environment is really hard to
get right, and is almost always a mistake. If you want to restrict
access, use filesystem permissions.

-- 
Glynn Clements <[EMAIL PROTECTED]>
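
Added example (not part of the original message, and not the author's code): a sketch of the per-program file inventory the reply describes, covering shared libraries, the terminfo entry and the timezone file. The function names, the /usr/share/terminfo layout, the vt100 default and the sample ldd output are assumptions made for illustration.

```shell
#!/bin/sh
# Inventory of files one program needs inside a chroot (added illustration).
# Caveat: ldd may execute code from the binary it inspects, so run it only
# on binaries you already trust.

# Constructed sample of ldd output, used so the parser can be checked offline.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffc0000)
	libncurses.so.5 => /lib/libncurses.so.5 (0x40010000)
	libc.so.6 => /lib/libc.so.6 (0x40020000)
	libmissing.so.1 => not found
	/lib/ld-linux.so.2 (0x40000000)'

# Read ldd output on stdin; print the absolute path of every resolved
# library and of the dynamic loader. Virtual entries (linux-vdso) and
# unresolved libraries are skipped.
ldd_paths() {
    awk '
        /not found/              { next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Read ldd output on stdin; print libraries the loader could not resolve.
# Inside the chroot, every copied binary should report none.
ldd_missing() {
    awk '/not found/ { print $1 }' | LC_ALL=C sort -u
}

# terminfo entries are stored as <first letter>/<name>. The base directory
# is an assumption; some systems use /lib/terminfo or /etc/terminfo.
terminfo_path() {
    first=$(printf '%s' "$1" | cut -c1)
    printf '/usr/share/terminfo/%s/%s\n' "$first" "$1"
}

# Manifest for one binary: the binary, its libraries, one terminfo entry
# (for curses programs) and the timezone file (for time handling).
chroot_manifest() {
    bin=$1
    term=${2:-vt100}
    printf '%s\n' "$bin"
    ldd "$bin" 2>/dev/null | ldd_paths
    terminfo_path "$term"
    printf '%s\n' /etc/localtime
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```

The manifest is a lower bound: ldd does not list libraries a program loads at run time with dlopen (glibc's NSS modules for user and host lookups, for example), nor the configuration, device and lock files the program opens.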