From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OnDR5-0000ek-J5 for garchives@archives.gentoo.org; Sun, 22 Aug 2010 16:30:21 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3A193E08E0; Sun, 22 Aug 2010 16:30:13 +0000 (UTC) Received: from mail-ew0-f53.google.com (mail-ew0-f53.google.com [209.85.215.53]) by pigeon.gentoo.org (Postfix) with ESMTP id EEFFAE08E0 for ; Sun, 22 Aug 2010 16:30:12 +0000 (UTC) Received: by ewy19 with SMTP id 19so3311267ewy.40 for ; Sun, 22 Aug 2010 09:30:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:message-id; bh=0N2XJ2sR4Y2VZqZwszSrzApPBNRmAsHnPUc6QZ1rpzk=; b=B4N4zTiGxZR11NZjdJmU6SvSVbxPXbacZAbjny72EKMPDqur+s6Nv6J7auQxPfENC9 AoyxeBj9tkDZG6FMR77O8QsEqC/gNjLckGWJcaTdlmcY/VnGAob+3BWrRhN+9Ow0QaO7 0YBYvBeVgY0Cq8I0crVkYqwd6aO4FN6W5aMAw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:message-id; b=kZSoca63F6RLx9QsJcfzy1rMtiI1B8MZzMBTgQmBubXIbIKwFtiEnmprkZWoPt5Bh/ lr+VP6ZpMZ68Ae0pQU2mk+myCr2Ysue1CxQ+DWNjBVDJYRb0JLwTSdVn4IRvCIedXSl+ vBNS0ve1VUJUSfXttCZvOJr0fVNzB/qoBlW4c= Received: by 10.213.32.73 with SMTP id b9mr2586739ebd.46.1282494612395; Sun, 22 Aug 2010 09:30:12 -0700 (PDT) Received: from nazgul.localnet (196-210-202-152.dynamic.isadsl.co.za [196.210.202.152]) by mx.google.com with ESMTPS id u9sm9206791eeh.23.2010.08.22.09.30.10 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 22 Aug 2010 09:30:11 -0700 (PDT) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] creating ssh account without directory browsing Date: Sun, 22 Aug 2010 18:27:14 +0200 User-Agent: KMail/1.13.5 (Linux/2.6.35-ck-r1; KDE/4.4.5; x86_64; ; ) References: <4C70E194.2090904@googlemail.com> In-Reply-To: <4C70E194.2090904@googlemail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201008221827.14890.alan.mckinnon@gmail.com> X-Archives-Salt: c0d3ea6e-6235-40ea-86d5-f206670bb05c X-Archives-Hash: 1b681bec9e98fdf7c1cbc4135a64e6eb Apparently, though unproven, at 10:36 on Sunday 22 August 2010, Tamer Higazi did opine thusly: > Hi people! > For a project I need to create ssh accounts (based on shared keys) who > would be loged in a specific directory. They should only be able to > login in the desired directory, but not be able for outside browsing. > > > for example: > > /work/ > > but not / or any other scope. > > How would you guys accomplish that?! Make that user's shell rbash. In rbash the user cannot cd. There's a bunch of other stuff they also cannot do. Check man bash near the end to make sure it satisfies your needs. -- alan dot mckinnon at gmail dot com