Secure File Transfer & Jailed user accounts

Craig White craigwhite at azapple.com
Fri Aug 26 16:30:43 MST 2005


On Fri, 2005-08-26 at 16:22 -0700, der.hans wrote:
> On 26 Aug 2005, Bryan.ONeal at asu.edu chattered:
> 
> > Ok at this point I am willing to do anything, including wiping out my OS and
> > starting from scratch.
> >
> > I need a way for users to access my box in a secure manner and upload / download
> > files.  But I also need to ensure that those users can never navigate above
> > their home directory (I will have several users set to the same home)
> >
> > I can not get chroot to work for the life of me!
> 
> It's a good idea, but it's not necessary.
> 
> I'd suggest looking into a restricted shell. For instance, there's rbash (
> look for it in the bash man page ).
> 
> I'm worried about one part, though.
> 
> ###
>        When a command that is found to be a shell script is executed (see
>        COMMAND EXECUTION above), rbash turns off any restrictions in the
>        shell spawned to execute the script.
> ###
> 
> So you just need to be able to write shell scripts to get around the
> restrictions?
> 
> Hopefully sftp can be configured to do what you're wanting.
> 
> apt-cache search for filezilla returns nothing, so I don't know if
> FileZilla can handle sftp. At least a few GUIs can.
> 
---
I thought that I had read if you put /./home/user as the user's home
directory in /etc/passwd that it would chroot them to that directory
only. Don't recall where I read that info and it may not be at all
accurate.

Most ftp programs should have a way to lock them into their home
directory though - I don't do much ftp these days.

Craig


