[ale] Need wacky chroot setup help
- Subject: [ale] Need wacky chroot setup help
- From: james.sumners at gmail.com (James Sumners)
- Date: Fri, 21 Aug 2015 15:37:23 -0400
- In-reply-to: <CAAt=rgADXbbVQx=TH-0CihB9iok5=+zipe=hj8oEvo210yd4dg@mail.gmail.com>
- References: <CAAt=rgDL7s=4RB76UoQipPOaRObyyxGUUeHdy6Ftd5UsdSCEXg@mail.gmail.com> <[email protected]> <CAAt=rgADXbbVQx=TH-0CihB9iok5=+zipe=hj8oEvo210yd4dg@mail.gmail.com>
Just stumbled across this -- http://mysecureshell.readthedocs.org/en/latest/
It's a bigger hammer than I want to use for the scenario in this thread,
but it looks like an interesting tool for other locked down SSH situations.
On Fri, Aug 21, 2015 at 12:23 PM, James Sumners <james.sumners at gmail.com>
wrote:
>
> On Fri, Aug 21, 2015 at 10:01 AM, DJ-Pfulio <djpfulio at jdpfu.com> wrote:
>
>> Just riffing here ... "bind mount" from ~T1000/dept-fun-times/ to their
>> own area?
>
>
> I think that's going to work.
>
> 1) Create `/home/t1000/dept-fun-times/`
> 2) Create `/opt/container/dept-fun-times/output` (and give t1000 group
> +rwx)
> 3) Bind `/opt/container/dept-fun-times` to `/home/t1000/dept-fun-times`
> 4) Set `Subsystem sftp internal-sftp` in sshd_config
> 5) Create match rule in sshd_config to chroot those users to
> `/opt/container/dept-fun-times`
> 6) Win
>
> Thank you for the (relatively) simple solution.
>
> --
> James Sumners
> http://james.sumners.info/ (technical profile)
> http://jrfom.com/ (personal site)
> http://haplo.bandcamp.com/ (band page)
>
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (band page)
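
Added example, not part of the original message: a pre-flight check for step 5 of the quoted procedure. sshd accepts a ChrootDirectory only if every component of the path is a root-owned directory that is not writable by group or other. It assumes GNU coreutils `stat -c`; the function names, the script name and the optional owner/stop arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). sshd refuses a ChrootDirectory unless
# every path component is a root-owned directory with no group/other write
# bit. That is why the writable area in step 2 is the `output` subdirectory
# and not the chroot directory itself.
# Assumes GNU coreutils `stat -c`. Function names are hypothetical.

# chroot_dir_ok DIR [OWNER_UID]
# Succeeds if DIR is a directory owned by OWNER_UID (default 0 = root)
# with neither the group-write nor the other-write bit set.
chroot_dir_ok() {
    cd_dir=$1
    cd_want=${2:-0}
    [ -d "$cd_dir" ] || return 1
    cd_uid=$(stat -c %u "$cd_dir")
    cd_mode=$(stat -c %a "$cd_dir")      # octal string, e.g. 755 or 1777
    [ "$cd_uid" -eq "$cd_want" ] || return 1
    [ $(( 0$cd_mode & 022 )) -eq 0 ]     # leading 0 makes it an octal constant
}

# chroot_path_ok PATH [OWNER_UID] [STOP]
# Applies chroot_dir_ok to PATH and to each parent up to STOP (default /).
# OWNER_UID and STOP exist only so the check can be exercised unprivileged
# in a scratch tree; for a real sshd chroot leave both at their defaults.
chroot_path_ok() {
    cp_p=$1
    cp_want=${2:-0}
    cp_stop=${3:-/}
    while :; do
        if ! chroot_dir_ok "$cp_p" "$cp_want"; then
            echo "not usable as chroot component: $cp_p" >&2
            return 1
        fi
        if [ "$cp_p" = "$cp_stop" ] || [ "$cp_p" = "/" ]; then
            return 0
        fi
        cp_p=$(dirname "$cp_p")
    done
}

# Example (hypothetical script name): ./check.sh /opt/container/dept-fun-times
if [ "$#" -gt 0 ]; then
    chroot_path_ok "$@"
fi
```

Run it as root against `/opt/container/dept-fun-times` before reloading sshd; a failure names the first component that would make sshd reject the chroot.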