[pkatzman]

In attempting to set up a user account for a friend to log into over SSH, I got into a discussion with him as far as what prevented him from then maliciously tinkering with my files (those not protected by the need for an Administrator password) and got onto the subject of user "jails" as implemented in FreeBSD. Hopefully some of you are familiar with it, I understand it's been around for a while. Basically, you can put certain users in a "jail" that allows them file system access no further than their own home directory - when they try to "cd /" it simply takes them to the current home directory.

I am looking for a way to do this in OS X (running the latest, 10.4.9 update on PPC.) Any help?

Thanks!

EDIT: Okay, the closest thing I've found (forgot to post it at first) is this page, but unfortunately it describes the process only for FTP access, which I'm assuming doesn't apply here. Furthermore, the article is only tested to have worked on 10.3, and as such may have changed in 10.4 (let alone a subsequent 10.4.x update.)

[torifile]

You mean chroot? Don't know how to set it up, but maybe that'll help you on your search.

[chucker]

You can do this for individual daemons (such as SSH and FTP), but I don't believe this is currently possible for local logins.

Quote:

Originally Posted by torifile You mean chroot? Don't know how to set it up, but maybe that'll help you on your search.

Yep, chroot is the common jail implementation on OS X. However, it's limited to a particular process.

E.g., you can do

Code:

chroot /deep/path/in/your/filesystem ftpd

Then, as far as ftpd is concerned, /deep/path/in/your/filesystem is actually / – there is nothing above or aside it. Any FTP login through that daemon would follow this limitation.

A jail can be a more complex and more secure mechanism, and doesn't have to be limited to the file system. FreeBSD jails, for example, also have process separation (a process in jail A cannot see, let alone interact with, processes in jail B) and network isolation.

[pkatzman]

Quote:

Originally Posted by chucker You can do this for individual daemons (such as SSH and FTP), but I don't believe this is currently possible for local logins. Yep, chroot is the common jail implementation on OS X. However, it's limited to a particular process. E.g., you can do Code: chroot /deep/path/in/your/filesystem ftpd Then, as far as ftpd is concerned, /deep/path/in/your/filesystem is actually / – there is nothing above or aside it. Any FTP login through that daemon would follow this limitation. A jail can be a more complex and more secure mechanism, and doesn't have to be limited to the file system. FreeBSD jails, for example, also have process separation (a process in jail A cannot see, let alone interact with, processes in jail B) and network isolation.

Ah, that's right, thanks. I forgot about the more interesting aspects of jails and such.

Thanks for the chroot tip, but is there any way to limit it to a particular user? I want to be able to login over ssh and have full access. Maybe I should chroot ssh to "~/" and then when I need full access remotely, simply chroot it back to the actual root?

[pkatzman]

Update: I've looked into it further, mainly poking around in the man pages, and apparently the chroot command has a -u flag, allowing one to specify a user. So if I use the command

Code:

chroot -u Remote /Users/remote/ sshd

will that perhaps do what I want? I don't want to mess up something badly on my computer, though I suppose everything is fixable.

EDIT: I tried the command, and it gave me an error of

Quote:

chroot: /bin/bash: No such file or directory