Help - Search - Members - Calendar
Full Version: Please Help
Linuxhelp > Support > Technical Support
tchemisX
Hi, I need some help I have a server running Ensim Basic. I need to find a way to lock a user totally in a directory and not be able to back out of it wheter though FTP or SSL connection.. It does not matter if its done through Ensim I just need a wa to do this if anyone knows how to be able to do this please post here how to do and which software I can use to create such an account..
Basically im trying to create a IRC Shell type account for a user and I do not want them browsing no where but there own Directories... Please Help and thank in advance
andrewjenkins
The best way to do this is with a chroot jail. Chroot stands for "change root" and it actually changes the root directory under which an application is run. When users log in, a shell is automatically started for them, and their standard input and output are connected to it, usually /bin/bash in linux. For this, the root is "/" - the true root directory. But, a command like

chroot /home/jaileduser /bin/bash

will mean that first, chroot will make /home/jaileduser the root directory, and then execute /bin/bash in this root directory (what is really /home/jaileduser/bin/bash). The jaileduser will only be able to see things inside of /home/jaileduser - i.e. /mydocs/textfile.txt is actually /home/jaileduser/mydocs/textfile.txt. This is a security feature common with most ftp servers. When this happens, users can only execute the binaries you provide for them, and only touch the files in their directory. There's a good howto from the WU-FTPD installation guides:

http://www.wu-ftpd.org/HOWTO/guest.HOWTO

I'm assuming by SSL you mean SSH, in which case, you probably have to edit a little bit of /etc/ftponly to allow SSH connections as well. I have no idea what Ensim is, but chroot is typical for all FTP servers.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.