Web Hosting Talk

View Full Version : Limiting directory access via SSH?


Host Visions
03-12-2002, 11:23 AM
Okay, I've got a question for you gurus out there that's really stumping me. I've installed SSH on a Plesk box for a client who's wanting to offer this to his virtual hosting account clients over Telnet (good idea). I've disabled Telnet, and SSH is working fine, no problems. What the issue is, is that any account on the box has free rights to wander all over the machine! Sure, they can't write/overwrite files/directories that they aren't the owner of, but I want to limit them to their virtual directory only. I know this can be done, and I suspect it is a shell issue, but I can't for the life of me figure it out.

Example, virtual account has the following directory assigned to the user: /www/var/vhosts/domain.com

I want to limit the user to that directory and all directories within. I do not want them to be able to view anything outside of domain.com and the directories within.

How do I go about this? I know this isn't an SSH or Plesk issue. Thank you very much in advance for any suggestions/advice.

-RC

zupanm
03-12-2002, 04:00 PM
This is a topic that will be argued about for ages. Here is my view. If you don't trust users with shell access, don't give it out. There are ways. You can jail a user in their home dir. But then they won't have access to like any programs below them, i.e. ftp and such. So you'd have to make a program directory in each user's home dir and place those programs they need to run in there. Change their path. It's a big pain. Go with my first option: if you don't trust users, don't let them on, or hire a good security admin to secure everything.

Panzerfaust
03-12-2002, 04:20 PM
Remove the execute permissions on the folder you don't want him to access.

chmod o-x foldername.

cabalstudios
03-12-2002, 06:10 PM
Originally posted by Panzerfaust
Remove the execute permissions on the folder you don't want him to access.

chmod o-x foldername.

Wouldn't that affect the execution of those programs within those folders by other users?

What about assigning groups and limiting groups' access to specific folders?

zupanm
03-12-2002, 06:33 PM
That's the whole point of jailing a user. Check out this link:

http://www.gsyc.inf.uc3m.es/~assman/jail/

This is what you want, and you can play around with it, I guess.

bitserve
03-13-2002, 04:44 PM
A restrictive shell on a Plesk machine is not going to prevent web hosting customers from accessing files above their home directory.

They can use CGI scripts to browse the entire machine, anyway.

Why not just set permissions on files and directories that you don't want them to access?

Last time I used Plesk, the file permissions really weren't set up where I would recommend allowing shell access, or CGI.
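
The permission-based approach raised in the thread (removing "other" access, or using groups), as an added example that is not part of any post: it lists the account directories under a vhosts root that users outside the owner and group can list or traverse, and can then close them. The sample tree and function names are constructed for illustration, and it assumes the web server reaches each account directory through owner or group bits, not "other" bits.

```shell
#!/bin/sh
# Added example: audit per-account directories for "other" permission bits.

# Print "<other-bits> <dir>" for every directory directly under $1
# that users outside the owner/group can list (r) or traverse (x).
audit_vhosts() (
    for dir in "$1"/*/; do
        dir=${dir%/}
        [ -L "$dir" ] && continue          # never follow symlinks
        [ -d "$dir" ] || continue          # also covers an unmatched glob
        other=$(ls -ld "$dir" | cut -c8-10) # e.g. "r-x" from drwxr-xr-x
        case $other in
            ---|--T) ;;                     # closed to other users
            *) printf '%s %s\n' "$other" "$dir" ;;
        esac
    done
)

# Number of account directories still open to other users.
count_exposed() { audit_vhosts "$1" | wc -l | tr -d ' '; }

# Remove all "other" access from each account directory under $1.
lock_vhosts() (
    for dir in "$1"/*/; do
        dir=${dir%/}
        [ -L "$dir" ] && continue
        [ -d "$dir" ] || continue
        chmod o-rwx "$dir"
    done
)

# Build a constructed sample tree (not real accounts) and print its path.
make_sample() (
    root=$(mktemp -d) || exit 1
    mkdir "$root/domain-a.example" "$root/domain-b.example" "$root/domain-c.example"
    chmod 755 "$root/domain-a.example"   # listable and traversable by anyone
    chmod 751 "$root/domain-b.example"   # traversable only
    chmod 750 "$root/domain-c.example"   # already closed
    printf '%s\n' "$root"
)

# Demo: report the two open directories in the sample tree, then clean up.
demo_root=$(make_sample)
audit_vhosts "$demo_root"
rm -rf "$demo_root"
```

This only covers shell users reading each other's directories; as bitserve points out, CGI scripts are a separate path to the same files.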