A new version of the Article Button plugin for Joomla 2.5 can be found here.

IT-Blog

limit user rights - Jail Shell SFTP (Debian)

By default a user in user has a lot of rights, nothing really critical, but why allow him to peak in any config files if he doesn't really need to? So i was looking for a way to limit the rights of a remote user, without the need to chmod a lot of files. The first way i found was to create a jail shell. This is a pretty cool way to limit a user to a handful of commands and prevent him of leaving his home-directory. It works either with SFTP (easy) and SSH (bit more of configuration) and can either be applied to a user or a group. The user is named "heinzi" in this example:

SFTP

user

  Match User heinzi
  ChrootDirectory /home/heinzi
  AllowTCPForwarding no
  X11Forwarding no
  ForceCommand /usr/lib/openssh/sftp-server

group

  Match Group users  
  ChrootDirectory /home
  AllowTCPForwarding no
  X11Forwarding no
  ForceCommand /usr/lib/openssh/sftp-server

restart ssh

/etc/init.d/ssh restart 

The user should now be limited to his homedirectory.

  • Manfred Hofbauer

    Posted at 2010-11-22 08:47:23

    Works fine at my side, I tested it by adding the lines with a existing user at the end of the file. Be sure to remove spaces before and after, and not to copy any additional cr/lf.

    Auf Kommentar antworten

  • julius

    Posted at 2010-11-20 20:51:59

    /etc/ssh/sshd_config line 88: Directive 'UsePAM' is not allowed within a Match block
    its not work for me

    Auf Kommentar antworten

Veröffentlichen Sie ihre Kommentare ...


Warning: Creating default object from empty value in /www/htdocs/w0101274/www/fairtec.at/modules/mod_udjacomments/helper.php on line 387