Secure File Transfer & Jailed user accounts
Bryan.ONeal at asu.edu
Bryan.ONeal at asu.edu
Fri Aug 26 18:02:01 MST 2005
I am using ssh & sftp now, and FileZilla is handling sftp quite well
(http://sourceforge.net/projects/filezilla/) however, the users can just keep
going up the chain, I want to ensure that a user can never go beyond their home
directory. Hence the chroot jail approach. Is there another way to restrict
sftp access to a home directory?
In addition, is their a way I can allow sftp access, but not shell access (as
all but about three of the remote users will ever need shell access)
Quoting "der.hans" <PLUGd at LuftHans.com>:
> Am 26. Aug, 2005 schwätzte Bryan.ONeal at asu.edu so:
>
> > Ok at this point I am willing to do anything, including wiping out my
> OS and
> > starting from scratch.
> >
> > I need a way for users to access my box in a secure manor and upload /
> download
> > files. But I also need to ensure that those users can never navigate
> above
> > their home directory (I will have several users set to the same
> home)
> >
> > I can not get chroot to work for the life of me!
>
> It's a good idea, but it's not necessary.
>
> I'd suggest looking into a restricted shell. For instance, there's rbash
> (
> look for it in the bash man page ).
>
> I'm worried about one part, though.
>
> ###
> When a command that is found to be a shell script is executed
> (see
> COMâ
> MAND EXECUTION above), rbash turns off any restrictions in
> the
> shell
> spawned to execute the script.
> ###
>
> So you just need to be able to write shell scripts to get around the
> restrictions?
>
> Hopefull sftp can be configured to do what you're wanting.
>
> apt-cache search for filezilla returns nothing, so I don't know if
> FileZilla can handle sftp. At least a few GUIs can.
>
> ciao,
>
> der.hans
> --
> # https://www.LuftHans.com/ http://www.AZOTO.org/
> # "Communications without intelligence is noise;
> # Intelligence without communications is irrelevant."
> # Gen. Alfred. M. Gray, USMC
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
More information about the PLUG-discuss
mailing list