Pann McCuaig <[EMAIL PROTECTED]> writes:

> We would like to create accounts for restricted users, primarily for
> data sharing purposes. These users would have access to the filesystem
> as appropriate, but would not be allowed to run the applications living
> under /opt and /usr/local.

I can think of several options, maybe one will fit:

You can use a restricted shell like scponly so only scp/sftp will be allowed.

You can use ssh/authorized_keys commands to limit certain keys to certain executables. This is good for a CVS+SSH server. See "man sshd" for what is possible.

I've never tried this last one, but I think you can set up users in a chroot environment. You could "mount --bind" just those filesystems that you want visible. Maybe PAM has a module for chroot logins.

Last, you could set up a virtual machine and only mount the file systems you want to expose.

-Brett.
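
For the authorized_keys option mentioned in the reply above, a small audit script can confirm that every key on a restricted account really is pinned to one executable. This is an added example, not part of the original post; the sample entries, key material and command paths are constructed placeholders, and the option names (`command=`, `restrict`, `no-pty` and the other `no-*` options) are the ones documented in "man sshd".

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
FEATURES = ("pty", "port-forwarding", "agent-forwarding", "x11-forwarding")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def split_options(line):
    """Return (options, rest) for one authorized_keys line."""
    if line.startswith(KEY_TYPES):          # no options field at all
        return {}, line
    in_quote, i = False, 0
    while i < len(line):                    # options end at first unquoted blank
        c = line[i]
        if c == "\\" and in_quote:
            i += 1                          # skip the escaped character
        elif c == '"':
            in_quote = not in_quote
        elif c in " \t" and not in_quote:
            break
        i += 1
    opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:i])}
    return opts, line[i:].strip()

def audit(text):
    """Return (line_no, problem) pairs for keys that are not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        if not opts.get("command"):
            findings.append((n, "no forced command"))
        # Conservative: an explicit re-enable such as "pty" counts as
        # allowed wherever it appears on the line.
        allowed = [f for f in FEATURES
                   if f in opts or ("restrict" not in opts and "no-" + f not in opts)]
        if allowed:
            findings.append((n, "still allows " + ", ".join(allowed)))
    return findings

# Constructed sample; key material and paths are placeholders.
SAMPLE = '''# shared-data accounts
command="/usr/bin/cvs server",restrict ssh-ed25519 AAAAplaceholder1 dev@example
command="/usr/local/bin/scponly",no-pty ssh-rsa AAAAplaceholder2 share@example
ssh-ed25519 AAAAplaceholder3 admin@example
'''

if __name__ == "__main__":
    for n, problem in audit(SAMPLE):
        print(f"line {n}: {problem}")
```

An entry passes only when it has a non-empty `command=` and every forwarding and pty feature is switched off, either one by one or through `restrict`.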