• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 724
  • Last Modified:

How do I create an SSH account which restricts a user to a single directory?

I have several SVN repos on a linux server. I want to provide a client with direct access to the server so they can run SVN updates on their files. However, I do not want them to see or have access to any other directories on the site (i.e. other client's site files).

For instance, I want to create an account which allows user,  "siteadmin",  to access the "www.adminsite.com" files. When they connect to the server, I want to restrict their access to only this folder: /var/www/html/sites/adminsite_files/

Is there a way to do this (similar to restricting access on an FTP account)?
0
bearclaws75
Asked:
bearclaws75
  • 3
  • 2
  • 2
  • +1
1 Solution
 
bearclaws75Author Commented:
This looks like a promising script, however, I am not understanding the instructions.

-------------------------------
To create a new chrooted account:
# make_chroot_jail.sh <Username> /path/to/chroot-shell /path/to/jail
-------------------------------

I'm not sure what to use as the "/path/tochroot-shell/". What is the "chroot-shell"?

Also, the script creates the <username> but it does not seem to create a password for this user. Does that need to be set later?

Thanks!
0
 
omarfaridCommented:
the page says that the last two are options. by default 2nd argument assume /bin/chroot-shell and the 3rd assume /home/jail

looking at the script, it seams that it prompts for password

http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/make_chroot_jail.sh.html
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
arrkerr1024Commented:
Can you explain why you want to do this?  Maybe there is a better approach...
0
 
Rance_HallCommented:
there is an ssh patch that can restrict users to their "home directory" so then you could just redefine the users home dir to something other than /home/<user>
0
 
bearclaws75Author Commented:
omarfarid --> i understand that command allows for options. I just don't know what path would be used here: "/path/tochroot-shell/".

arrkerr1024 --> I am doing this because I want to give server access to a 3rd party developer so that he can run "svn updates" on the working copy of his site. However, I do not want to give him root access or allow him to browse around the server (which contains files for other client sites). I want to restrict his access so that when he logs in, he will be isolated to this directory (/var/www/html/sites/adminsite_files/) ...and won't be able to navigate to other parent directories.

Rance_Hall --> can you explain what you mean by "SSH patch"?

Thanks for all of your help.
0
 
Rance_HallCommented:
when you compile software from source, you can edit the source before you compile/install it so that it does more what you want to, instead of what the original author wrote.

Some of these "changes" become very popular and other people want to do the same thing, so a "patch" is created that has all the needed changes to add the new feature.

download the source, patch the source with the patch file, and when you compile/install you get the new feature.

Now if you arent comfortable with this idea, you have a couple of options the script referenced here does work, but its overkill if you can get the patch to work.

the other idea is that you can contact the maintainer of the sshd package for your distro, and ask if the "sshd chroot" patch is already applied, or if it can be.

0
 
omarfaridCommented:
you don't have to specify if you do not know the actual path
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now