[KLUG Members] ssh lock a user in a single directory

Adam Tauno Williams members@kalamazoolinux.org
Mon, 10 May 2004 10:42:21 -0400


On Mon, 2004-05-10 at 10:05 -0400, Richard Harding wrote: 
> I have a user off site that has a web site subfolder they manage. I 
> would like to have them use scp to upload/remove files. I have created 
> them an account, but I am having trouble locking them in /var/www/subdir 
> folder for all of their work. I found a way to chroot users that come in 
> with sftp to their home directory, but I cannot seem to get it to work. 
> The ChRootUsers is a bad command when I try to reload the ssh config. 
> This also does not allow me to lock them into the selected directory.
> Any ideas as to the best way of doing this?

Have you tried just doing this via PAM?

/etc/pam.d/sshd:
#%PAM-1.0
auth required /lib/security/pam_listfile.so onerr=fail item=group sense=allow file=/etc/security/login_limit_list.conf
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_pwdb.so shadow
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_chroot.so debug
session optional /lib/security/pam_console.so

/etc/security/chroot.conf:
# format:
# username_regex        chroot_dir
brown			/home/brown
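
The following is an added example, not part of the original post: a shell sketch of how a `username_regex  chroot_dir` table like the `chroot.conf` above resolves a login name. It assumes entries are tried top to bottom with the first match winning, and that the pattern is an unanchored POSIX extended regex; neither is confirmed by the post. The function names and the accounts `brownlee` and `alice` are hypothetical.

```shell
# Added example (not from the post). Assumptions: entries are tried top to
# bottom, first match wins, and username_regex is an unanchored POSIX ERE.

# chroot_for_user CONF USER: print chroot_dir of the first matching entry
chroot_for_user() {
    conf=$1 user=$2
    while read -r pattern dir _rest || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac   # skip blanks and comments
        if printf '%s\n' "$user" | grep -Eq -- "$pattern"; then
            printf '%s\n' "$dir"
            return 0
        fi
    done < "$conf"
    return 1    # no entry matched: this user would not be chrooted
}

# lint_chroot_conf CONF: warn about entries that can match more than intended
lint_chroot_conf() {
    conf=$1 rc=0
    while read -r pattern dir _rest || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        case $pattern in
            '^'*'$') ;;                                # anchored at both ends
            *) echo "unanchored pattern: $pattern"; rc=1 ;;
        esac
        case $dir in
            /*) ;;
            *) echo "chroot_dir not absolute: $pattern -> $dir"; rc=1 ;;
        esac
    done < "$conf"
    return $rc
}

# Constructed sample input: the entry from the post, then an anchored variant.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# format:
# username_regex        chroot_dir
brown			/home/brown
EOF
HARDENED=$(mktemp)
printf '^brown$\t/home/brown\n' > "$HARDENED"

for u in brown brownlee alice; do
    echo "$u: as posted=$(chroot_for_user "$SAMPLE" "$u" || echo none)" \
         "anchored=$(chroot_for_user "$HARDENED" "$u" || echo none)"
done
lint_chroot_conf "$SAMPLE" || true
```

Under those assumptions the bare pattern `brown` also captures `brownlee`, while `^brown$` confines only the intended account.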