From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-user+bounces-59474-garchives=archives.gentoo.org@gentoo.org>)
	id 1HDQTF-0007cP-78
	for garchives@archives.gentoo.org; Sat, 03 Feb 2007 19:22:45 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.8/8.13.8) with SMTP id l13JL123030201;
	Sat, 3 Feb 2007 19:21:01 GMT
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172])
	by robin.gentoo.org (8.13.8/8.13.8) with ESMTP id l13JFKkn021931
	for <gentoo-user@lists.gentoo.org>; Sat, 3 Feb 2007 19:15:20 GMT
Received: by ug-out-1314.google.com with SMTP id z38so1008145ugc
        for <gentoo-user@lists.gentoo.org>; Sat, 03 Feb 2007 11:15:20 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=IZMqV0aQa5S0jH0Vui0E7GDzoMHoOZ86f5iyiHVMUeKpLI9QZJO7FDgb1IMf2fm/bI5dn9uLzpPR91I8dWYRWu8YM+cz1wROMCdxUfEqYAp8kPiA7lpODdSJjBPnxyeANkBxGb0oxOJS3CxH5zI4y66sxBScbFTt1akbiiVrgjw=
Received: by 10.78.17.4 with SMTP id 4mr937358huq.1170530120052;
        Sat, 03 Feb 2007 11:15:20 -0800 (PST)
Received: by 10.78.162.9 with HTTP; Sat, 3 Feb 2007 11:15:20 -0800 (PST)
Message-ID: <5bdc1c8b0702031115u688f46e3v394ff77bfc0b0353@mail.gmail.com>
Date: Sat, 3 Feb 2007 11:15:20 -0800
From: "Mark Knecht" <markknecht@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] scp login but confine the user to his home directory?
In-Reply-To: <976cb44f0702021941j6de6da69u8888349287eda82@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <5bdc1c8b0702021913k6fd4f260m7932da2a6293bca4@mail.gmail.com>
	 <976cb44f0702021941j6de6da69u8888349287eda82@mail.gmail.com>
X-Archives-Salt: 72ba7d28-5687-4607-8e39-13914a40dba0
X-Archives-Hash: 143609ca02692f10ed4fea1248ad2fa1

On 2/2/07, Greg Bur <greg.bur@gmail.com> wrote:
> On 2/2/07, Mark Knecht <markknecht@gmail.com> wrote:
> > Hi,
> >    I'm wondering if it is possible and/or advisable to set up an
> > account where a user can scp files in and out of his home directory
> > using scp but if he logs into the machine using ssh he cannot go
> > anywhere outside of his home directory?
> >
> >    How would I set something like this up?
>
> Mark,
>
> Rebuild openssh with the chroot USE flag enabled and then have a look
> at the following HOWTO:
>
> http://www.howtoforge.com/chrooted_ssh_howto_debian
>
> It's a bit of work to set up but it works well.  We have a similar
> setup at work for our shared hosting customers.
>
> Regards,
>
> Greg

Thanks Greg. That looks pretty manageable and easier than some of the
full blown chroots I've built before under Gentoo. Certainly good
enough to try things out and see how it works.

Thanks a lot,
Mark
-- 
gentoo-user@gentoo.org mailing list