Re: How to restrict browsing of other users directories

[Rick Stevens <rstevens vitalstream com>]

Jay Crews wrote:
> Gene Ballard writes....
>
> > Hi,
> >
> > I'm trying to find some info on restricting a users ability to browse
> > the directory tree outside of their home directory.
> >
> > I have looked through the docs and searched on google, but have found no
> > definitive answers.
> >
> > Where can I find a how to on this?
>
>
> This question came up a few weeks ago, but for people 
> that were using ssh to connect to a terminal.
>
> You might try using the restricted shell '/bin/bash -r'
> as their default login, but I'm not sure if it will
> stop a browser from going past a users $HOME.
>
> But like the question a few weeks ago, why do you want
> to do this?  
> All of you sensitive files should be chmod'ed to keep
> prying eyes out.

Later versions of sshd have "ChRootUsers" and "ChRootGroups" options
to do exactly what Gene wants.  There are some caveats, however.  ssh
must be able to build the ssh-dummy-shell and sftp-server programs
statically (no shared libraries) for one.

Try "man ssh-chrootmgr" to see if you've got the goodies.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens vitalstream com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-                He who laughs last thinks slowest.                  -
----------------------------------------------------------------------