Author: Jigz Nep
Date: 11-06-02 02:36
Hi,
I have been looking everywhere, but to no avail, on how to set up BSD in such a way that each user won't be able to peep through other accounts' directories.
In other words, each user would virtually have his own BSD server with his own /home directory and not /home/username. Furthermore, for security purposes, system applications should not be accessible, particularly httpd and its configuration files.
Thanks a lot
Author: mike
Date: 17-02-03 23:07
You should chroot your users. For example, if you are using the default ftpd you can add a group in the /etc/ftpchroot file like this:
@wwwuser
And if you add a hosting account, add him to the wwwuser and he will be chrooted. It is also possible to add every new user. But managing a group is easier than a lot of users.
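Added example, not part of any poster's message: a small sh audit that lists the accounts the /etc/ftpchroot setup described above would leave unchrooted. The function name `unchrooted_users`, the sample accounts and the uid cutoff of 1000 are hypothetical; it assumes each ftpchroot line is a user name or `@group` (optionally followed by a directory), that `#` lines are comments, and that an `@group` entry matches a user's primary gid or supplementary membership.

```shell
#!/bin/sh
# Added example (not from the thread): list accounts ftpd would NOT chroot.
# Assumed semantics: each /etc/ftpchroot line is "user" or "@group", optionally
# followed by a directory; "#" lines are comments; an @group entry matches a
# user by primary gid or by supplementary membership.
# Usage: unchrooted_users FTPCHROOT GROUP PASSWD MIN_UID
unchrooted_users() {
    awk -F: -v min_uid="$4" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        FILENAME == ARGV[1] {                # ftpchroot entry
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t]+/)
            if (substr(f[1], 1, 1) == "@") cgroup[substr(f[1], 2)] = 1
            else cuser[f[1]] = 1
            next
        }
        FILENAME == ARGV[2] {                # group: name:pw:gid:members
            if ($1 in cgroup) {
                cgid[$3] = 1                 # remember gid for primary-group match
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) cuser[m[i]] = 1
            }
            next
        }
        # passwd: name:pw:uid:gid:... ; skip system accounts below min_uid
        $3 + 0 >= min_uid + 0 && !($1 in cuser) && !($4 in cgid) { print $1 }
    ' "$1" "$2" "$3"
}

# Constructed sample data so the check runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' '@wwwuser' 'carol /home/carol/ftp' \
    > "$demo_dir/ftpchroot"
printf '%s\n' 'wheel:*:0:root' 'wwwuser:*:2000:alice' > "$demo_dir/group"
printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
    'alice:*:1001:1001:Alice:/home/alice:/bin/sh' \
    'bob:*:1002:2000:Bob:/home/bob:/bin/sh' \
    'carol:*:1003:1003:Carol:/home/carol:/bin/sh' \
    'dave:*:1004:1004:Dave:/home/dave:/bin/sh' > "$demo_dir/passwd"
unchrooted_users "$demo_dir/ftpchroot" "$demo_dir/group" "$demo_dir/passwd" 1000
```

On a real host the arguments would be /etc/ftpchroot, /etc/group and /etc/passwd; any account it prints can still browse outside its home directory over FTP.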
Author: Shaun McNamer
Date: 17-08-03 04:19
I've done a setup with FTP where, as described before, every user is chrooted to their home directory, and then I set up aliases with Apache to reference their files. Works great.
I've also noticed that when you make the aliases you should be sure to include a blank directory in the default Apache directory of the same name; that way people will be able to get to it with an incomplete URL (missing the last slash). Something like http://www.something.com/whatever won't work unless you have an empty whatever directory. People would simply get a 404. At least that's how things have been for me.
mike wrote:
>
> You should chroot your users. For example, if you are
> using the default ftpd you can add a group in the
> /etc/ftpchroot file like this:
>
> @wwwuser
>
> And if you add a hosting account, add him to the wwwuser and he
> will be chrooted. It is also possible to add every new user.
> But managing a group is easier than a lot of users.
Author: shri
Date: 18-12-03 12:46
Hi there,
That was great to try this out. Nice work, but what if we want to give each user SSH access? How will it work with chroot in ssh ...
Do you have any idea?
Shri
Author: el_kab0ng
Date: 06-10-04 14:50
Shouldn't this reside in the support section of the forums and not the handy scripts area?
Have you also looked into "jail"? (man jail)
Author: Jim Keller
Date: 15-12-04 06:24
You will definitely want to look into jail(). I know CPanel has a product called jailshell that accomplishes this task, but it's not open source or free. You will most likely need to set up a baby FreeBSD system under every user's home directory, then jail() them into this directory. There is information on how to do this if you google "freebsd jail shell" or a similar phrase. Personally, I would just avoid giving shell access to your users altogether. It's very rare that a hosting customer will actually need shell access, especially since most people would still prefer just to edit locally and upload through FTP.
-Jim Keller
http://jim.centerfuse.net/projects/