Loading ...rssh: Per User Configuration Options For Chroot Jail
rssh is a restricted shell for providing limited access to a host via ssh. It also allows system wide configuration and per user configuration. From the man page:
The user configuration directive allows for the configuration of options on a per-user basis. THIS KEYWORD OVERRIDES ALL OTHER KEYWORDS FOR THE SPECIFIED USER. That is, if you use a user keyword for user foo, then foo will use only the settings in that user line, and not any of the settings set with the keywords above. The user keyword’s argument consists of a group of fields separated by a colon (:), as shown below. The fields are, in order:
- username : The username of the user for whom the entry provides options
- umask : The umask for this user, in octal, just as it would be specified to the shell access bits. Five binary digits, which indicate whether the user is allowed to use rsync, rdist, cvs, sftp, and scp, in that order. One means the command is allowed, zero means it is not.
- path : The directory to which this user should be chrooted (this is not a command, it is a directory name).
rssh examples of configuring per-user options
Open /etc/rssh.conf file:
# vi /etc/rssh.conf
All user tom to bypass our chroot jail:
user=tom:077:00010
Provide jerry cvs access with no chroot:
user=jerry:011:00100
Provide spike rsync access with no chroot:
user=spike:011:10000
Provide tyke access with chroot jail located at /users
user="tyke:011:00001:/users" # whole user string can be quoted
if your chroot_path contains spaces, it must be quoted. Provide nibbles scp access with chroot directory:
user=nibbles:011:00001:"/usr/local/tv/shows/tom and jerry"
Recommended readings:
=> rssh home page
=> Redhat specific chroot jail script (outdated)
=> Refer man pages: rssh.conf, rssh, ssh, sshd, sftp, scp, rsync, sshd_config
Continue reading rest of the rssh a restricted shell series.
Contents
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or full RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in...
- How to: Configure User Account to Use a Restricted Shell ( rssh )
- How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh
- Linux Configure rssh Chroot Jail To Lock Users To Their Home Directories Only
- Chroot in OpenSSH / SFTP Feature Added To OpenSSH
- Linux and UNIX Backing up key information or files
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: /etc/rssh.conf, /etc/sysconfig/syslog, chroot conf, chroot howto, chroot jail, chroot mknode, chroot shell, chroot users, debian chroot, fedora chroot, redhat chroot, rssh chroot, rssh connection closed, scponly chroot, sftp, sftp chroot, sshd chroot, syslogd ~ Last updated on: January 12, 2008
Recent Comments
Yesterday ~ 9 Comments
Yesterday ~ 2 Comments
Yesterday ~ 4 Comments
Yesterday ~ 8 Comments
Yesterday ~ 3 Comments