  1. #1
    Join Date
    Jul 2008
    Posts
    972

    Limiting ssh user to specific folder

    I may have this wrong, but I think it's possible. I have a friend who wants to run a process on one of my servers. Now, I don't particularly 'care' about this server; it's just used for a couple of unimportant things, so I'm okay with him running it, but I don't want the hassle of sorting out things if he decides to delete everything, so I'm hoping it's possible to limit his directory.

    For example, I have the folder "people" in the topmost directory, and inside that I have "arthur". I want to limit the ssh user "arthur" to the folder "arthur"; I don't want him to be able to cd ../../ and delete stuff. Is this possible?

    Thanks.

  2. #2
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    What OS are you running?

    If a BSD such as FreeBSD, you have two approaches, one of which involves the built-in feature - jail. FreeBSD jail is a tool of that OS which allows you to create a "chroot'd" environment that can look like an entire OS installation or just what the user needs and nothing more. It is possible to create an environment that looks like an entire server, rather like an OpenVZ VPS in many respects.

    If running a Linux, google on "OpenSSH chroot" and you'll find a variety of solutions, many of which involve installing a patched OpenSSH. You do not need to patch OpenSSH, as newer versions (> 4.8 - introduced last year) of OpenSSH contain a chroot feature. Check what version of SSH you are running and update to the latest if necessary.

    BSDs of course also run OpenSSH (the OpenBSD project develops OpenSSH), so this approach is available on FreeBSD as well.

    man sshd_config for more details on configuration file settings.
    Last edited by mwatkins; 06-23-2009 at 10:44 AM.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  3. #3
    Join Date
    Jul 2008
    Posts
    972
    I thought I mentioned my OS, obviously not. CentOS 5. I'll take a look at OpenSSH, thanks!

  4. #4
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    Chances are you are running a version that can handle it:

    $ ssh -V
    OpenSSH_5.1p1 Debian

    % ssh -V
    OpenSSH_5.1p1 FreeBSD-20080901

    man sshd_config will contain the term ChrootDirectory if your version supports this. There is some setup required on your part - you'll need to put shells and other necessary files for the user in that location; hopefully their system needs for this app are minimal and they can look after the userland stuff on their own.
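
An added example, not part of the thread and not OpenSSH's own code: a pre-flight check for the ChrootDirectory setup mentioned in the last reply. sshd requires every directory from / down to the chroot to be root-owned and not writable by group or others. The script assumes GNU stat (Linux) and a chroot at /people/arthur taken from the question's layout; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.
# Assumed sshd_config stanza (path follows the thread's "people/arthur" layout):
#   Match User arthur
#       ChrootDirectory /people/arthur
# sshd refuses the session unless every directory from / down to the chroot
# is owned by root and not writable by group or others.

# component_ok UID MODE -> 0 if a directory with that owner and octal mode passes
component_ok() {
    [ "$1" -eq 0 ] || { echo "owner uid $1 is not root"; return 1; }
    [ $(( 0$2 & 022 )) -eq 0 ] || { echo "mode $2 is group/other-writable"; return 1; }
    return 0
}

# check_chroot_path /abs/path -> 0 if all components pass, 1 otherwise
check_chroot_path() {
    case $1 in /*) ;; *) echo "not an absolute path: $1" >&2; return 1 ;; esac
    ccp_cur=/ ccp_rest=${1#/} ccp_rc=0
    while :; do
        if [ ! -d "$ccp_cur" ]; then
            echo "FAIL $ccp_cur: not a directory"; ccp_rc=1
        else
            # GNU stat assumed; -L follows symlinks, as sshd's stat() call does
            ccp_info=$(stat -L -c '%u %a' "$ccp_cur") || return 1
            ccp_why=$(component_ok "${ccp_info% *}" "${ccp_info#* }") \
                || { echo "FAIL $ccp_cur: $ccp_why"; ccp_rc=1; }
        fi
        [ -n "$ccp_rest" ] || break
        # Peel off the next path component
        ccp_part=${ccp_rest%%/*}
        case $ccp_rest in */*) ccp_rest=${ccp_rest#*/} ;; *) ccp_rest= ;; esac
        [ -n "$ccp_part" ] && ccp_cur=${ccp_cur%/}/$ccp_part
    done
    return $ccp_rc
}

# Usage: sh check_chroot.sh /people/arthur
if [ "$#" -gt 0 ]; then check_chroot_path "$1" && echo "OK $1"; fi
```

Because the chroot directory itself must be root-owned, the user cannot write to it directly; give them a subdirectory they own inside it for their files.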
