ssh help, I want user to be able to access only specified folders

Jonathan Steadman FedoraCore at stny.rr.com
Fri Jul 2 13:01:22 UTC 2004


T. Nifty Hat Mitchell wrote:

>On Thu, Jul 01, 2004 at 12:49:57PM -0500, Jonathan S wrote:
>
>>I am new to Fedora, and Linux in general, I want users to be able to log in 
>>to my computer via ssh, with FC-1 but I want to be able to specify rules 
>>for each so they can only access specified folders is this possible?  If so 
>>how would I go about doing this?
>
>This is almost easy if you understand unix/Linux style permissions,
>ownership and groups.  See the man pages for chmod, chown, chgrp,
>umask.
>
>You need to outline what you intend when you use the word access.
>There are read, write, and execute bits for access; three for each:
>user, group, others.  Depending on the object these might have
>slightly different meaning.
>
>It is important to note that by default most tools are available to
>all users and the interesting restrictions apply to individual home
>dirs and new dirs that you might make.  Almost no one uses chroot home
>or restricted shell logins.  They are just too hard to get right and
>maintain.
>
>If you could be more clear about the policy you have in mind perhaps
>we could be more helpful.  The options are just too vast.  Stick with
>simple stuff.  There are some 267933+ files in 1344+ packages that
>have default locations and permissions and the system works.  It is
>easy to break a system if you get too bold without understanding the
>basics.  Build a plan and stay focused....
>
>> Also is there a difference between fedora-list and fedora-devel list, 
>
>There is a big difference. 
>This type of question belongs here.
>
I guess what I want is for a user on a remote computer to not be able to 
even see any files other than those maybe in his home folder, or somewhere 
else I specify, I haven't really got to reading about chroot yet, but it 
looked like the solution I needed just by reading a couple of intros to 
it.  If there is a simpler solution though, please enlighten me, I would 
be much appreciative.
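
Added example, not part of the original messages: a POSIX shell script for the permission-bit approach mentioned in the quoted reply, reporting what users outside the owner and group can do in each directory under a base and then removing that access. The function names and the temporary directories are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what "others" can do in each directory, then restrict it.
# All paths are constructed in a temp directory; the real system is not touched.

# Print the nine permission characters (rwxrwxrwx) of a path, taken from ls -ld.
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Describe what users who are neither the owner nor in the group can do.
# On a directory: r = list names, x = enter/traverse, w = create/delete entries.
others_can() {
    o=$(perm_string "$1" | cut -c7-9)
    out=""
    case $o in r??) out="${out}list " ;; esac
    case $o in ?w?) out="${out}modify " ;; esac
    case $o in ??[xt]) out="${out}enter " ;; esac
    [ -n "$out" ] || out="nothing "
    printf '%s\n' "${out% }"
}

# Remove all group and other access so only the owner (and root) can look inside.
restrict_to_owner() {
    chmod go-rwx "$1"
}

# Report every directory directly under a base whose "others" bits are not empty.
audit_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        a=$(others_can "$d")
        [ "$a" = "nothing" ] || printf '%s: others can %s\n' "$d" "$a"
    done
}

demo() {
    base=$(mktemp -d)             # constructed stand-in for /home
    mkdir "$base/alice" "$base/bob"
    chmod 755 "$base/alice"       # everyone may list and enter
    chmod 700 "$base/bob"         # owner only
    audit_homes "$base"           # reports alice only
    restrict_to_owner "$base/alice"
    audit_homes "$base"           # reports nothing now
    rm -rf "$base"
}
demo
```

Mode bits restrict access to the directories they are set on; they do not hide the rest of the filesystem from a logged-in user, which is what chroot is aimed at.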
