Formerly "djfusion"
In attempting to set up a user account for a friend to log into over SSH, I got into a discussion with him as far as what prevented him from then maliciously tinkering with my files (those not protected by the need for an Administrator password) and got onto the subject of user "jails" as implemented in FreeBSD. Hopefully some of you are familiar with it; I understand it's been around for a while. Basically, you can put certain users in a "jail" that allows them file system access no further than their own home directory - when they try to "cd /" it simply takes them to the current home directory.

I am looking for a way to do this in OS X (running the latest, 10.4.9 update on PPC). Any help? Thanks!

EDIT: Okay, the closest thing I've found (forgot to post it at first) is this page, but unfortunately it describes the process only for FTP access, which I'm assuming doesn't apply here. Furthermore, the article is only tested to have worked on 10.3, and as such may have changed in 10.4 (let alone a subsequent 10.4.x update).
‽
You can do this for individual daemons (such as SSH and FTP), but I don't believe this is currently possible for local logins.
Quote:
E.g., you can do
Code:
chroot /deep/path/in/your/filesystem ftpd
Then, as far as ftpd is concerned, /deep/path/in/your/filesystem is actually / – there is nothing above or aside it. Any FTP login through that daemon would follow this limitation.

A jail can be a more complex and more secure mechanism, and doesn't have to be limited to the file system. FreeBSD jails, for example, also have process separation (a process in jail A cannot see, let alone interact with, processes in jail B) and network isolation.

Last edited by chucker : 2007-03-14 at 18:01. Reason: Posts merged
Formerly "djfusion"
Quote:
Thanks for the chroot tip, but is there any way to limit it to a particular user? I want to be able to log in over ssh and have full access. Maybe I should chroot ssh to "~/" and then when I need full access remotely, simply chroot it back to the actual root?
Formerly "djfusion"
Update: I've looked into it further, mainly poking around in the man pages, and apparently the chroot command has a -u flag, allowing one to specify a user. So if I use the command
Code:
chroot -u Remote /Users/remote/ sshd
will that perhaps do what I want? I don't want to mess up something badly on my computer, though I suppose everything is fixable.

EDIT: I tried the command, and it gave me an error of
Quote:
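
Before chrooting a login service into a user's home directory such as /Users/remote, it helps to check who can write to that path, since a jailed user who owns the new root can plant their own files in it. The script below is an added example, not part of the original thread; it assumes the rule OpenSSH's sshd enforces for its ChrootDirectory option (every path component owned by root and not writable by group or others), and its function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Rule assumed (the one OpenSSH's sshd
# enforces for its ChrootDirectory option): every directory from / down to the
# chroot target must be owned by uid 0 and not writable by group or others.

# mode_uid_ok MODE UID: judge one "ls -l" mode string and numeric owner.
mode_uid_ok() {
    [ "$2" = "0" ] || return 1
    case $1 in
        d????w*|d???????w*) return 1 ;;   # group-write or other-write bit set
        d*) return 0 ;;
        *) return 1 ;;                    # not a directory
    esac
}

# check_component DIR: inspect one real directory on disk.
check_component() {
    dir=$1
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "UNSAFE $dir: not a real directory"
        return 1
    fi
    # "ls -ldn" prints the mode and the numeric uid on both BSD and GNU userlands.
    read -r mode links uid rest <<EOF
$(ls -ldn "$dir")
EOF
    if mode_uid_ok "$mode" "$uid"; then
        echo "ok     $dir ($mode uid=$uid)"
    else
        echo "UNSAFE $dir ($mode uid=$uid)"
        return 1
    fi
}

# audit_chroot_path TARGET: 0 = usable, 1 = unsafe component, 2 = bad argument.
audit_chroot_path() {
    case $1 in /*) ;; *) echo "need an absolute path: $1"; return 2 ;; esac
    path=$1
    bad=0
    while :; do
        check_component "$path" || bad=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $bad
}

# Usage: sh audit_chroot.sh /Users/remote
if [ $# -gt 0 ]; then audit_chroot_path "$1"; fi
```

A home directory owned by the jailed account fails this audit, which is the usual reason to chroot into a root-owned parent and give the user a writable subdirectory inside it.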