
02-04-2004, 09:54 PM
|
|
Newbie
|
|
Join Date: May 2002
Posts: 15
|
|
Restricting SSH users to home dir - how?
Need some help folks on something that should be easy on a linux sys...
Running Plesk 6 on ES 2.1
I need to provide ssh access to a user but I don't want them to be able to read or view files or folders up from their home dir.
How can I achieve this? Do I need to consider using another ssh shell from plesk config setup?
Any pointers, and maybe how to do it, will be greatly appreciated.
Regards
fudgie
|

02-04-2004, 10:16 PM
|
|
Web Hosting Master
|
|
Join Date: Jan 2003
Posts: 1,715
|
|
The problem with shell access (vs FTP or webdav) is the user needs access to any programs they'd want to run. That requires setting up some type of jail or chroot install in their directory. You can probably google for instructions on setting that up.
__________________
Game Servers are the next hot market!
Slim margins, heavy support, fickle customers, and moronic suppliers!
Start your own today!
|

02-04-2004, 10:27 PM
|
|
Retired Moderator
|
|
Join Date: Aug 2003
Location: Pittsburgh
Posts: 3,475
|
|
Just wondering, but shouldn't this be in Technical & Security Issues?
|

02-04-2004, 10:40 PM
|
|
Newbie
|
|
Join Date: May 2002
Posts: 15
|
|
Oops.. if it needs to be there, can a mod please move it?
Sorry.
|

02-05-2004, 01:50 AM
|
|
Web Hosting Master
|
|
Join Date: Dec 2002
Posts: 1,300
|
|
Read up on restricted shell. Google is your friend. YMMV.
__________________
"The only difference between a poor person and a rich person is what they do in their spare time."
"If youth is wasted on the young, then retirement is wasted on the old"
|

02-05-2004, 03:13 AM
|
|
Pixellegion
|
|
Join Date: Dec 2003
Posts: 501
|
|
My suggestion... never give any of your users SSH access, it's very dangerous. You have to think twice....
Especially if you use this server for a hosting business.
|

02-05-2004, 06:01 AM
|
|
Newbie
|
|
Join Date: May 2002
Posts: 15
|
|
People, believe it or not, I am not just resorting to posting here because I want the easy way out or anything, this has been a tedious process, from google, sourceforge, php dev forums, linux forums, plesk forums.. etc..
This is a reply I got:
"There's no way you can grant shell access to any user with any shell and deny them the ability to read any world readable file on your entire server."
So you're telling me to read or search google, do you guys know the answer to this? Do you know if it's possible or should the last comment be true?
I am amazed that a system such as linux doesn't have the ability to restrict a user read writes.
If you know anything, give us a hint please.
fudgie
|

02-05-2004, 07:03 AM
|
|
roflcopter
|
|
Join Date: Feb 2004
Location: here and there
Posts: 723
|
|
'chmod 711' is your friend. If they know where a file is they can still read it, but you can generally hide the content of various directories, including / with it. For example, chmod 711 /home/ and /home/* is a good idea.
Alternately you could make your own kernel patch for whatever os (linux you said?) that restricted users. Perhaps there are security patches out that do this already? grsecurity? I'm not sure, I haven't used linux in a few years.
|
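
An added example, not part of any post in this thread: a shell audit of the "other" permission bits that the `chmod 711` suggestion above relies on, showing which directories can be listed and which files stay readable by exact path. It assumes GNU `stat -c` and `find -maxdepth` as found on Linux; the temporary tree and the user names in `demo` are constructed stand-ins for /home.

```shell
#!/bin/sh
# Added example: audit "other" permission bits on home directories.
# Assumes GNU coreutils (stat -c) and find with -maxdepth, as on Linux.

# Print how users outside the owner/group see a directory:
#   listable       o+r: names inside can be enumerated
#   traverse-only  o+x without o+r (e.g. 711): no listing, but known paths resolve
#   closed         no o+x (e.g. 700): nothing inside is reachable
classify_dir() {
    mode=$(stat -c '%a' "$1") || return 1
    other=$((mode % 10))          # last octal digit = "other" bits
    if [ $((other & 4)) -ne 0 ]; then
        echo listable
    elif [ $((other & 1)) -ne 0 ]; then
        echo traverse-only
    else
        echo closed
    fi
}

# Classify BASE itself and each directory directly beneath it.
audit_tree() {
    for d in "$1" "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        printf '%-14s %s\n' "$(classify_dir "$d")" "$d"
    done
}

# Files in DIR that anyone can still read by exact path, listing or not.
exposed_files() {
    find "$1" -maxdepth 1 -type f -perm -o=r
}

# Constructed sample tree standing in for /home (hypothetical user names).
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/alice" "$t/bob"
    chmod 711 "$t" "$t/bob"; chmod 755 "$t/alice"
    echo data > "$t/bob/notes.txt"; chmod 644 "$t/bob/notes.txt"
    audit_tree "$t"
    exposed_files "$t/bob"
    rm -rf "$t"
}
demo
```

Anything `exposed_files` prints inside a traverse-only directory needs its own mode tightened (for example to 600 or 640) if it should not be readable by other accounts.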

02-05-2004, 09:28 AM
|
|
Junior Guru Wannabe
|
|
Join Date: Apr 2003
Location: Sunny UK
Posts: 33
|
|
Would Jail be an option? I can't post the URL here because of my lack of posts but you can find it on google.
It works fine for me via WHM and cPanel but I'm sure it's not too difficult to set up via SSH.
|

02-05-2004, 10:55 AM
|
|
Pixellegion
|
|
Join Date: Dec 2003
Posts: 501
|
|
Quote:
Originally posted by Jon69
Would Jail be an option? I can't post the URL here because of my lack of posts but you can find it on google.
It works fine for me via WHM and cPanel but I'm sure it's not too difficult to set up via SSH.
|
Jail will be an option, and of course there are other ways to give SSH access to your users, CHMOD is one option as well, however it's still not safe to give access to SSH, if an attacker can't access your "root", they can still access other accounts, or make any flood of attacks on your box.
Please think twice, SSH will be a good weapon to kill your box, telnet as well
|

02-05-2004, 01:14 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Apr 2003
Location: Sunny UK
Posts: 33
|
|
Quote:
Originally posted by l0ck_up
Please think twice, SSH will be a good weapon to kill your box , telnet as well
|
Yeah, of course I agree. I was just trying to answer the original post
|

02-05-2004, 03:01 PM
|
|
Newbie
|
|
Join Date: May 2002
Posts: 15
|
|
I need to provide ssh access for one tech person to configure and test an application (only once) - but I don't want him to see or do a listing on the vhosts directory and see the domains listed.
So yes I know I should not allow anyone to access via ssh or telnet, but what can I do, I need this person in. Yes I will try to
So how can I prevent a user from looking into a specific directory?
Has anyone managed to do this? Does it need a specific restricted shell that can be configured in such a way?
Does this maybe provide any ideas for a solution?
http://www.sunmanagers.org/pipermail...ch/000337.html
pre thanks
fudgie
|

02-05-2004, 05:54 PM
|
|
Newbie
|
|
Join Date: May 2002
Posts: 15
|
|
|

02-06-2004, 07:26 AM
|
|
Web Hosting Master
|
|
Join Date: Dec 2001
Posts: 5,221
|
|
|

02-06-2004, 08:43 AM
|
|
Newbie
|
|
Join Date: May 2002
Posts: 15
|
|
dynamicnet - thank YOU! 
|