On Fri, 2005-08-26 at 18:16 -0700, Bryan.ONeal@asu.edu wrote:
> Quoting Craig White:
>
> > I thought that I had read if you put /./home/user as the user's home
> > directory in /etc/passwd that it would chroot them to that directory
> > only. Don't recall where I read that info and it may not be at all
> > accurate.
> >
> > Most ftp programs should have a way to lock them into their home
> > directory though - I don't do much ftp these days.
> >
> > Craig
>
> Would have been great if it worked but, no.
> I created a new user with a home dir like you mentioned and it did nothing other
> than create a normal user
>
> # useradd -d /./home/test2 testme
> # passwd testme
> Changing password for user testme.
> New UNIX password:
> BAD PASSWORD: it is based on a dictionary word
> Retype new UNIX password:
> passwd: all authentication tokens updated successfully.
----
That could never work. You would have to enclose in quotes.

useradd -d "/./home/testme" testme
passwd testme

But I still don't think that this by itself will chroot that user to the
home directory. The problem is that when you give someone a shell, they
need access to the binary applications which comprise their shell at the
very least, and those are in the filesystem itself (likely /usr/bin and
/bin), so to have a shell and be chrooted from those locations would
pretty much render their login useless.

If I recall, the "/./home/user_home" home directory in /etc/passwd
related to some type of ftp - perhaps wu-ftpd (which I used to
occasionally use), perhaps some other ftp daemon server.

You have to define what it is that you want them to do - sftp (openssh)
requires a valid shell and that means access to the filesystem. If all
they need is file transfer and not a shell, I think that Joseph pretty
much gave you a great way to go (he is a great source of info).

There has also been some discussion (probably mostly der.Hans) on UML
(User Mode Linux) which I presume is all about restricted shell
accounts.

Craig
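
Added example, not part of the original message: the "/./" form discussed above matches the convention documented for wu-ftpd guest accounts, where the part of the home field before "/./" is the chroot root and the part after it is the directory inside that root. login and sshd simply resolve the field as an ordinary path, so /./home/test2 is just /home/test2 to them. The script audits passwd-format entries for the marker; the sample entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample entries in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
testme:x:501:501::/./home/test2:/bin/bash
ftpguest:x:502:502::/home/ftp/./incoming:/sbin/nologin
craig:x:503:503::/home/craig:/bin/bash'

# split_home HOME_FIELD
# Prints "ROOT INNER" when the field contains "/./", otherwise "- HOME_FIELD".
split_home() {
    case "$1" in
        */./*)
            root=${1%%/./*}     # everything before the first "/./"
            inner=/${1#*/./}    # everything after it, absolute inside the root
            # Marker at the very start: no directory is named before it,
            # so this example reports the root as "/".
            if [ -z "$root" ]; then root=/; fi
            printf '%s %s\n' "$root" "$inner"
            ;;
        *)
            printf '%s %s\n' "-" "$1"
            ;;
    esac
}

# audit_passwd: read passwd-format lines on stdin and list every account
# whose home field carries the marker, with the root it names and the shell.
audit_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        split=$(split_home "$home")
        root=${split%% *}
        inner=${split#* }
        if [ "$root" = "-" ]; then continue; fi
        if [ "$root" = "/" ]; then
            note="empty root half: not confined"
        else
            note="chroot root named"
        fi
        printf '%s root=%s home=%s shell=%s (%s)\n' \
            "$user" "$root" "$inner" "$shell" "$note"
    done
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

An account that carries the marker and also has a real login shell, like the constructed testme entry, is confined only by an FTP daemon that honours the convention and not at all for shell or sftp logins.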