Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1462
  • Last Modified:

secure ssh, how to keep user in his directory

I want to create an accout with FTP and ssh capability.
How can I set it so user can not cd to other directories?
OS: Linux (Red Hat)
1 Solution
Nav444Author Commented:
I did some research, and it seems that I should use ssh-dummy-shell in order to do this. My ssh is installed with red hat long time ago. And I do not have a ssh-dummy-shell on bin directory!! What I should do?

Please help,
I really apreciate it.

I see that that command is part of the commercial SSH package; Red Hat (and most Linuxen) use OpenSSH, which does not come with this command.

However, there are other mechanisms you can use, depending on what exactly your goal is.

As your post suggests, if you're just worried about a user "cd"ing out of his homedir, you can give him a restricted shell (rsh/rbash/rksh as examples) and limit his $PATH to a directory with a set of allowed commands so he can't run anything you don't want him to run, and so he can't change directory.

If you wanted him to be more confined, so that there is no way for him to see the rest of the filesystem at all, you'd want to 'chroot' him into his homedir; this can be done with PAM modules (pam_chroot), or, I think there are some special shells floating around that can do this.
man chroot

then use /usr/bin/chroot as login shell in /etc/passwd
Keep in mind that you need to configure your system to work with chroot, see man-page
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!


are you sure that would work?  First of all 'chroot' requires arguments, it doesn't do anything without telling it into what directory you wish to chroot -- so you would need to use it in a script that provides the home directory as the argument.

Secondly, only the superuser can chroot, and the user's login shell is run as that userid, not as root.
Nav444Author Commented:
Please give me little more detail. I tried to setup a chroot, but was not successful!!
I do not know about PAM.

You could try to give the user rbash as shell.

Here is the extremely complicated invocation of rbash: "/bin/bash --restricted"

Ok, it's not the most secure thing in the world, but for a simple application it should do.
What's your purpose ?
It's an unix box, so if you want the users to run even basic commands with their shell accounts they need binaries like ls, cp, etc. with their shared librairies, they need some files in /dev, ...

So they need to access these files, and whether they can cd into these public directories or not is not the problem.

If you want to prevent them from accessing some other parts of the filesystem they don't need, configure the permissions accordingly.

This is for a shell account with ssh as you asked, for ftp only it makes sense to restrict the users to their home directory and how to do this depends upon which ftp server you're using.

If you're really willing to restrict the users with a shell account in their directories you need chroot jails, with all the stuff they could need installed there, which will a pain to maintain, as you'll have to add the least binary when someone asks.

Unless maybe for shell accounts with a very specific and predefined purpose with a limited set of commands available ? Like ls/cp/rm/mv/editor ?

I don't know rbash, but I don't see limiting the commands which can be run from a shell can as a serious security system.

If rbash is not enough and you need to build real jails, you can have a look at makejail at http://www.floc.net/makejail which makes it easier (I'm the author) basically it automatizes most of the process described in chrooting howtos.

> Please give me little more detail. I tried to setup a
> chroot, but was not successful!!
> I do not know about PAM.

The user should land in the chroot once he's logged in, which means something a bit complex with something like a root suid binary /bin/shell_user1 (defined as the shell for user1 in /etc/passwd), compiled from a short C program which executes the chroot commands and changes its uid/gid from root to user1.
So the problem is not with PAM because the chroot trick occurs once the user is logged in (unless each user has its sshd and ftpd daemons in his own chroot !)

But wonder why you'd really need such a thing first.

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now