pitchford
11-08-2001, 08:59 AM
How do I restrict the places someone can go in a telnet/ssh session?
For example:
logina can not only access his directory with read/write, but he can go into the system config files, password files, other customers' scripts, all with read properties.
I want to give telnet/ssh because it is such a good feature, but don't want them to leave their home directory (i.e. /home/user/).
THANKS
cperciva
11-08-2001, 09:17 AM
Is there some reason why you can't just not give them read permission to stuff you don't want them to read? While there are ways to jail(1) users inside a chroot(8)ed environment, I really don't see why it would be necessary.
ffeingol
11-08-2001, 10:54 AM
Which shell are you giving your users? A lot of the shells come with a "restricted" version. The restricted version usually jails them in their home directory and won't allow them to reset certain important environment variables.
Frank
Frank,
This is interesting. Sounds like a much better idea than chroot'ing each user to their own home dir (which is one h*** of a job.) Do you have any links?
ffeingol
11-08-2001, 09:28 PM
Here is a link for bash (http://www.gnu.org/manual/bash/html_chapter/bashref_5.html#SEC73) which is a very common shell on linux.
If you can let me know which shell you use, I can point you in the right direction.
Frank
Originally posted by ffeingol
Here is a link for bash (http://www.gnu.org/manual/bash/html_chapter/bashref_5.html#SEC73) which is a very common shell on linux.
If you can let me know which shell you use, I can point you in the right direction.
Frank
With bash --restricted, you cannot even cd into a subdirectory.
ffeingol
11-09-2001, 10:20 PM
Yea, I'm more of a ksh/pdksh person. The restricted shell there is not as restricted. You can move about in your home directory, but no further.
Frank
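The restricted-shell behaviour discussed in this thread, as an added example that is not part of any poster's message: the script runs each command in plain bash and again under `bash -r`, then reports which ones restricted mode refuses. It assumes bash is installed and /etc/passwd is readable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: probe what bash's restricted mode (bash -r / --restricted)
# refuses, by running each command in plain bash and in restricted bash.
# Assumes bash is installed and /etc/passwd is readable (typical Linux).

# rbash_verdict CMD -> prints "blocked", "allowed" or "n/a"
rbash_verdict() {
    # The command must work in an ordinary shell, or the probe says nothing.
    if ! bash -c "$1" >/dev/null 2>&1; then
        echo "n/a"
    elif bash -r -c "$1" >/dev/null 2>&1; then
        echo "allowed"
    else
        echo "blocked"
    fi
}

# Print one line per probe: verdict, then the command that was tried.
report() {
    printf '%-8s %s\n' "$(rbash_verdict "$1")" "$1"
}

report 'cd /'                          # changing directory
report 'PATH=/usr/bin'                 # resetting a protected variable
report '/bin/sh -c :'                  # command name containing a slash
report 'read -r first < /etc/passwd'   # reading a file outside $HOME
```

The last probe is the one that matters for the original question: restricted mode limits navigation and command lookup, while read access to files outside the home directory is still decided by file permissions.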