 | View Full Version : how to disable users to browse over telnet ??? please help domus 06-17-2002, 10:45 PM ok i have this problem i have created user marko now his home dir is /home/marko and he has shell access how can i disable him to go to dirs under /home/marko ??? thnx davidb 06-18-2002, 12:54 AM This isent the answer you want, but it is the one everyone gets. Remove telnet and disable access infinite 06-18-2002, 07:17 AM I would recommend disabling access also. However, you could change his shell to a restricted shell. But it all depends on what binaries he needs to use when logged in (ls, etc...). You could use bash -r as his shell. You will have to find out more to set this up. :( I would also recommend using ssh rather than telnet. Hope this helps, Infinite ;) domus 06-18-2002, 11:04 AM yeah i am using ssh only i call that telnet and i dont wont to disable shell acces to the users bash -r how do i setup that ? and page i could look about thnx Ahmad 06-18-2002, 12:19 PM There is no effective way to do that. Not even disableing shell access. jizaymes 06-18-2002, 05:24 PM What operating system. From my understanding, FreeBSD's Jail system allows funcionality like this. "Jail, users with privilege find that the scope of their requests is limited to the jail, allowing system administrators to delegate management capabilities for each virtual machine environment" http://docs.freebsd.org/44doc/papers/jail/jail.html domus 06-18-2002, 06:39 PM .... NixHosting 06-18-2002, 06:44 PM In the /etc/passwd file just change the ending of their line. You will see most say /bin/bash just change theirs to /bin/bash -r domus 06-18-2002, 07:48 PM then i cant log thru ssh at all with that username and password .... erapid 06-19-2002, 12:07 PM What exactly do you need? Regards domus 06-19-2002, 01:58 PM that user let's say marko has his home dir /home/marko and when he logs to his shell he is unable to view files other than /home/marko and it's subdirectories .... thnx Ahmad 06-19-2002, 06:29 PM Originally posted by jizaymes What operating system. From my understanding, FreeBSD's Jail system allows funcionality like this. "Jail, users with privilege find that the scope of their requests is limited to the jail, allowing system administrators to delegate management capabilities for each virtual machine environment" http://docs.freebsd.org/44doc/papers/jail/jail.html I think this is also called a chroot'ed environment. chroot'ing is available in Linux. Ahmad 06-19-2002, 06:36 PM domus, If you are talking about a hosting company, then whatever you do there is no use. Anybody can set a CGI, PHP or SSI script to read any file readable by the Apache user (i.e.: all directories and pages of other users accessible through the web, including those that contain database passwords.) This topic have been brought up here and elsewhere many times, but there is really no solution to this problem until today. Ahmad 06-19-2002, 06:38 PM Sorry, repeated. |