Question

Is there something similar to chroot, but for users?

We are about to grant access to our servers for a client and would like them to see only the directories we allow.

Solution

A Google search on "openssh jail" led me to SSHjail for OpenSSH. If your client uses ssh/scp to access the said servers, this might be what you are looking for.

OTHER TIPS

The "best answer" from 2009 is outdated. OpenSSH now comes with the ChrootDirectory option. See http://www.debian-administration.org/articles/590 which is for an already-old version of ssh.
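An added example, not part of the answers on this page: sshd refuses a ChrootDirectory session unless every component of the path is a root-owned directory that is not writable by group or others (sshd_config(5)), so the script below audits a candidate jail path before you rely on it. The group name `sftpclients`, the path `/srv/jail/%u`, and the use of GNU `stat -c` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a directory before using it as an sshd ChrootDirectory.
# Stanza this supports (group name and path are assumptions, not from the page):
#   Match Group sftpclients
#       ChrootDirectory /srv/jail/%u
#       ForceCommand internal-sftp
#       AllowTcpForwarding no
#       X11Forwarding no

# component_ok UID MODE -> 0 if owned by root with no group/other write bit.
component_ok() {
    [ "$1" = "0" ] || return 1
    # MODE is octal as printed by stat %a; 022 = group-write | other-write
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot ABS_PATH -> prints each offending component; returns 1 if any
# component fails, 2 if the path is not absolute.
audit_chroot() {
    p=$1
    rc=0
    case "$p" in
        /*) ;;
        *) echo "path must be absolute: $p" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "not a directory: $p"; rc=1
        else
            info=$(stat -c '%u %a' "$p")   # GNU coreutils stat (assumption)
            owner=${info% *}
            perms=${info#* }
            if ! component_ok "$owner" "$perms"; then
                echo "bad owner/mode (uid=$owner mode=$perms): $p"; rc=1
            fi
        fi
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Stand-alone use: sh audit.sh /srv/jail/clientname
if [ $# -gt 0 ]; then audit_chroot "$1"; fi
```

Because the jail root itself must not be writable by the user, put a user-owned subdirectory inside it for uploads.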

It is important to note that chroot(2) is not meant for security purposes. It is incredibly easy to escape a chroot jail. See this article on abusing chroot for more information.

If you really want to go to that extreme, SELinux (or any other mandatory access control) is a definite improvement over the default Unix permissions.

An effective way to do this is to use lshell.

There is no easy way to jail users in their home directories. BTW, I would NEVER give access to my systems to someone I don't have a minimum of trust in.

Last time I did, I used an "unescapable" menu based on http://bash.cyberciti.biz/guide/A_menu_box. The .bashrc launches this script, which you would not escape:

Last line of ~/.bashrc:

    ./menu.sh; exit 0

Yes, I had to write scripts for each and every menu item (get logs, check sys, ...), but nobody gets to run 'chown -R root:root /' instead of *. Priceless.

[EDIT]: Create a dedicated user; don't do this as root!!!

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow