[ale] Need wacky chroot setup help

Jim Kinney jim.kinney at gmail.com
Fri Aug 21 15:44:57 EDT 2015


That looks quite interesting.
On Aug 21, 2015 3:40 PM, "James Sumners" <james.sumners at gmail.com> wrote:

> Just stumbled across this --
> http://mysecureshell.readthedocs.org/en/latest/
>
> It's a bigger hammer than I want to use for the scenario in this thread,
> but it looks like an interesting tool for other locked down SSH situations.
>
> On Fri, Aug 21, 2015 at 12:23 PM, James Sumners <james.sumners at gmail.com>
> wrote:
>
>>
>> On Fri, Aug 21, 2015 at 10:01 AM, DJ-Pfulio <djpfulio at jdpfu.com> wrote:
>>
>>> Just riffing here ... "bind mount" from ~T1000/dept-fun-times/ to their
>>> own area?
>>
>>
>> I think that's going to work.
>>
>> 1) Create `/home/t1000/dept-fun-times/`
>> 2) Create `/opt/container/dept-fun-times/output` (and give t1000 group
>> +rwx)
>> 3) Bind `/opt/container/dept-fun-times` to `/home/t1000/dept-fun-times`
>> 4) Set `Subsystem sftp internal-sftp` in sshd_config
>> 5) Create match rule in sshd_config to chroot those users to
>> `/opt/container/dept-fun-times`
>> 6) Win
>>
>> Thank you for the (relatively) simple solution.
>>
>> --
>> James Sumners
>> http://james.sumners.info/ (technical profile)
>> http://jrfom.com/ (personal site)
>> http://haplo.bandcamp.com/ (band page)
>>
>
>
>
> --
> James Sumners
> http://james.sumners.info/ (technical profile)
> http://jrfom.com/ (personal site)
> http://haplo.bandcamp.com/ (band page)
>
>
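
An added example, not part of the original thread: a preflight check for the chroot target in step 5 of the quoted plan. sshd only accepts a ChrootDirectory whose every path component is root-owned and not writable by group or other, which is why the writable `output` directory in step 2 sits one level below it; the function names and the `sftponly` group are made up here, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU coreutils stat.
# Relevant sshd_config for steps 4-5 ("sftponly" is a made-up group name):
#   Subsystem sftp internal-sftp
#   Match Group sftponly
#       ChrootDirectory /opt/container/dept-fun-times
#       ForceCommand internal-sftp

# component_ok UID MODE: succeed if sshd would accept a chroot path component
# with this numeric owner and octal mode (the two fields of `stat -c '%u %a'`).
component_ok() {
    [ "$1" -eq 0 ] || return 1            # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ]            # no group (020) or other (002) write
}

# check_chroot_path DIR: walk from DIR up to / and test every component.
# Returns 0 if all pass, 1 on the first bad component, 2 if DIR is unusable.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    while :; do
        # Word splitting is intended: stat prints "<uid> <mode>".
        set -- $(stat -c '%u %a' "$dir")
        if ! component_ok "$1" "$2"; then
            echo "sshd will refuse chroot: $dir has uid=$1 mode=$2" >&2
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# Run against a path when one is given, e.g.:
#   sh check.sh /opt/container/dept-fun-times
[ "$#" -eq 0 ] || check_chroot_path "$1"
```

Run it against the chroot directory itself, not the group-writable `output` directory beneath it, which is expected to fail this check.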