[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Philip Radford wrote: > > I am looking at using SSH rather than FTP to allow clients to access our > linux box so that they can update their own web sites. They will need to > use WinSCP for SFTP. There is an "scponly" shell. I use it, but only as part of a backup script, so I can push a backup, where a "pull" would be the more secure but fiddlier way. > However does anyone know how to restrict access to specific directories > e.g. just the users home directory without giving them access to the > whole server. There are various "restricted shells", some will do a "chroot" to keep within a directory, others allow some access to the rest of system but may only allow commands already in the PATH to be executed (i.e. rbash). I'd be sceptical of any shell not doing a full "chroot", and providing significant features, surviving a skilled malicious attack. But then presumably you won't give accounts to just anyone? -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html