Limiting system and filesystem access
McDougall, Marshall (FSH)
MarMcDouga at gov.mb.ca
Thu Dec 8 17:19:46 UTC 2005
I apologize if this is too OT.

I have a developer who needs access to
/u/l/a/htdocs/his_project_documentation. I don't want to give him a
shell account because he only needs to dump some online manuals in this
directory. I also don't want him to be able to navigate the file system.

From what I have seen, if I create a user with no shell account, sftp
will not work. It fails with:

Warning: ssh_packet_wrapper_input: invalid packet received: len
1416128887 closing the offending input channel.

If I create a user with the home drive pointing to
/u/l/a/htdocs/his_project_documentation, all of the dot files get dumped
there and they can still navigate the filesystem.

I have installed rssh from pizzashack.org and have limited them to just
SFTP, but again they can still navigate the filesystem. If I understand
the CHROOT jail process properly, I would need to copy various system
binaries to the chrooted area and I don't want to do that.

So my burning question is: How do I give this user sftp access only to
a very limited area of my system? Any assistance appreciated.

Regards, Marshall