How can I jail ssh users inside of their home?

Asked by [ Editor ]

I want to give ssh access to one of my boxes to someone but I don’t want him to be able to get out of his home directory. Such as if his home is /home/bob, I don’t want him to be able to see /home, / and whatever there is in /. What’s the best/simplest way to do so?

NN comments
hollman enciso
-

Ohh, I have the same “problem”. I need to do that…

6 answers

4

jorgeegomez

Check out Limited Shell, written in Python, which you can configure to restrict the commands available to the user, and the paths allowed.

sudo apt-get install lshell

http://lshell.ghantoos.org/

NN comments
hollman enciso
-

Thanks, tried it and that was it, in fact it's quite customizable :P Thanks, that’s exactly what I was searching for. It's too customizable :P

magicfab
-
enciso, don't forget to mark the answer with “choose as solution”!
1

donald allwright

I achieved something similar by setting the default login for a user (last field in /etc/passwd) to be a script that automatically switched to a chroot environment and ran bash from within it. This user of course could only log in to the chroot environment (which is what I wanted in this case) and I had to set this up manually in advance, it wasn’t creating anything on the fly. Of course the user could see the whole of the chroot environment rather than just the home directory, but depending on what you want to do this may satisfy your requirements.

NN comments
patcito
-

Thanks, this might be enough for my needs actually while rssh sounds good for managing many users.

1

papapep

Giving the proper permissions to the users and their groups doesn’t work for you?
i.e. if you set /home to 750, nobody but the owner and its group members should read or list it, isn’t it?

NN comments
patcito
-

Yes but I don’t want to set /home to 750. I want something that would create a chroot automatically when user logs into his /home so he can’t get out, or something similar to that.

0

rhonda

If the user doesn’t really need to get shell access for running programs the scponly package might be a good idea. It contains a script to set up a chroot for the user in its doc directory at /usr/share/doc/scponly/setup_chroot/. Please notice that there is an ugly bug in the script, it doesn’t create /dev/null inside the chroot, you’ll have to do that yourself (“mknod dev/null c 1 3; chmod 666 dev/null” inside the home directory of the user).
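
Added example, not part of the answer above or of the scponly package: a shell check that audits dev/null inside a chroot jail for the problem just described (missing node, wrong type, wrong device numbers, wrong mode). The helper name check_jail_devnull is hypothetical, and the script assumes GNU coreutils stat as shipped on Ubuntu.

```sh
#!/bin/sh
# Added example: audit dev/null inside a chroot jail (for instance a home
# directory prepared by scponly's setup_chroot script).
# Assumptions: GNU coreutils stat; check_jail_devnull is a hypothetical name.

check_jail_devnull() {
    jail=${1:?usage: check_jail_devnull JAIL_ROOT}
    node="${jail%/}/dev/null"

    # Missing node: anything in the jail that redirects to /dev/null fails.
    if [ ! -e "$node" ] && [ ! -L "$node" ]; then
        echo "MISSING: $node (fix: mknod dev/null c 1 3; chmod 666 dev/null)"
        return 1
    fi

    # A regular file here usually means some process did "> /dev/null"
    # before the node existed; it grows instead of discarding data.
    # A symlink is rejected too: it resolves differently inside the jail.
    if [ -L "$node" ] || [ ! -c "$node" ]; then
        echo "WRONG TYPE: $node is not a character device node"
        return 2
    fi

    # %t / %T print the major / minor device numbers in hex; null is 1,3.
    majmin=$(stat -c '%t:%T' "$node")
    if [ "$majmin" != "1:3" ]; then
        echo "WRONG DEVICE: $node is $majmin, expected 1:3"
        return 3
    fi

    # %a prints the permission bits in octal.
    mode=$(stat -c '%a' "$node")
    if [ "$mode" != "666" ]; then
        echo "WRONG MODE: $node is $mode, expected 666"
        return 4
    fi

    echo "OK: $node"
    return 0
}

# Run as a script with the jail root as argument, e.g. /home/bob
if [ "$#" -gt 0 ]; then
    check_jail_devnull "$1"
fi
```

The return code tells the cases apart: 1 missing, 2 wrong type, 3 wrong device numbers, 4 wrong mode, 0 correct.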

