
Re: [cobalt-developers] Limiting Shell Access



Paul Rosenthal wrote:

> We would like to give these users shell access via telnet.
> 
> However it seems that once logged in as themselves, they can view the
> contents of not only other users' directories, but also just about every
> other directory on the server.
> 
> I have trawled through loads of postings on this subject, but I am unable to
> draw any conclusions, as there seem to be a lot of conflicting opinions and
> contradictions.
> 
> Can anyone tell me if there is a way to limit a user to their own virtual
> site's home directory and below, and whether this can be set up
> automatically?

Can't do it with SSH or telnet, because neither has it built into the
protocol <frown>.  The reason you can do it with FTP is because the FTP
daemon used by Cobalt has its own commands (it doesn't rely on the ones
on the system) and applies its own chroot.

And if you could do it, then everyone's login would have to have their
own copies of the programs they want to run, since Linux couldn't find
the "real" ones in a chrooted directory structure.

I've been told it can be done with FreeBSD, and in fact I'm studying
that now, but you can't run FreeBSD on the RaQ (at least not without
completely destroying the GUI <wry grin>).

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484
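
The reply's point that a chrooted login needs its own copies of every program can be made concrete with a small script that copies a binary and the shared libraries it links against into a jail directory. This is an added example, not part of the original post; the function names `jail_deps` and `jail_add` and the jail path are assumptions for illustration.

```shell
#!/bin/sh
# Populate a chroot directory with programs and the shared libraries they need.
# Added illustration: function names and the jail location are hypothetical.

# jail_deps BIN: print absolute paths of the shared objects BIN links against.
jail_deps() {
    # ldd prints lines such as "libc.so.6 => /lib/libc.so.6 (0x...)" or
    # "/lib/ld-linux.so.2 (0x...)"; keep the first absolute path on each line.
    # ldd fails on static binaries; treat that as "no dependencies".
    { ldd "$1" 2>/dev/null || true; } | awk '
        { for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' | sort -u
}

# jail_add JAILDIR BIN: copy BIN and its libraries into JAILDIR at the same
# paths, so that after chroot(JAILDIR) the program resolves exactly as before.
jail_add() {
    j_dir=$1
    j_bin=$2
    [ -x "$j_bin" ] || { echo "not executable: $j_bin" >&2; return 1; }
    { echo "$j_bin"; jail_deps "$j_bin"; } | while IFS= read -r f; do
        [ -e "$f" ] || continue
        mkdir -p "$j_dir$(dirname "$f")"
        cp -L "$f" "$j_dir$f"    # -L: copy the real file, not a symlink
    done
}

# Usage: sh mkjail.sh /path/to/jail /bin/sh /bin/ls ...
if [ "$#" -ge 2 ]; then
    root=$1
    shift
    for prog in "$@"; do
        jail_add "$root" "$prog"
    done
fi
```

This covers only binaries and libraries; every additional command a user should have inside the jail has to be added the same way.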