
Re: how to chroot /home/ an ssh/telnet acct



>    i need to give someone shell access to my server (ssh) but i don't
> want him to go higher than /home/ ...  any idea on how that can be done

first question: why this paranoia? protecting other home directories is
no problem - more precise: it is the default setting. if you have
mounted dos-partitions, then you can put something like
    /dev/hda2 /c vfat uid=500,gid=100,umask=77,noexec,quiet 0 0
into your fstab to grant access to only one user (you, 500 should be
replaced with your uid).
more rights can be granted by giving a certain gid to files only you (as
non-root) should have access to and put yourself in this privileged
group; this technique is used, e.g. for granting full access to video
devices for some users by chown-ing /dev/video? to root.video and putting
the appropriate users into the video-group (a user may be in several
groups). the files would be chmod-ed to rwxrwx---, etc. 
i can see no reason to hide the rest of the system from somebody you trust
enough to give him a ssh-login.

if you insist on an absolutely isolated system with an own /, you may
specify a script (which chroot-es and resets $SHELL) as the login-shell of
that user (just an idea ...). but you would have to set up a fully working
linux-system in his home dir ...

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Linux - the last service pack you'll ever need.
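
An added example, not part of the original message: a small audit of the permission model the reply relies on. It lists home directories that grant any access to "other" and checks that a file is restricted to one group. The function names, the numeric-gid argument and any paths passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the file-permission model described in the message.
# Function names and arguments are illustrative, not from the original post.

# Print the 10-character mode string (e.g. drwxr-x---) of a path.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Print the numeric id of the group that owns a path.
gid_of() {
    ls -ldn -- "$1" | awk '{print $4}'
}

# List directories directly under BASE that grant any permission to "other".
# A home directory listed here can be read or entered by every local login.
open_homes() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        d=${d%/}
        case $(mode_of "$d") in
            ???????---) ;;               # "other" triad empty: private
            *) printf '%s\n' "${d##*/}" ;;
        esac
    done
}

# Succeed only if FILE is owned by group GID (numeric), the group can read
# and write it, and "other" has no access at all (the rwxrwx--- pattern).
group_only() {
    [ "$(gid_of "$1")" = "$2" ] || return 1
    case $(mode_of "$1") in
        ????rw?---) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `open_homes /home` as any user to see which home directories are open to other logins, and `group_only /dev/video0 <gid>` with the numeric gid of the privileged group to confirm a device is limited to that group.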

