Chrooting SSH

Daniel Bye dan at
Fri Apr 11 17:38:30 PDT 2003

On Fri, Apr 11, 2003 at 11:37:32PM +0200, Ian Barnes wrote:
> Hi,
> I have a few questions for the brains around.
> 1.)I am going to set up a shell server. I want to CHRoot the users, and
> allow them access to certain programs only. There will be different levels
> on the server, so i want to be able to control what level user can use what
> program (WOW!).

chrootssh was mentioned on the list a couple of days ago.  It may be what
you need:

There are several ways you could set up the different "levels" of access -
using traditional UNIX groups is maybe the easiest, or you could really take
advantage of chrootssh's caabilities, and build multiple chroot
environments.  This is a lot more work though.

You might even consider using jail(8), if you have enough IP addresses.

> 2.)I also want to implement bandwidth management, please point me in the
> right direction to finding a good tutorial on how to do this.

Dummynet is your friend.  The ipfw(8) man page should get you started, or
try googling - even a one-word search brings back loads of useful looking

> 3.)What firewall should i use ... IPFW or IPF ? Im not going to be doing
> NAT, just basic firewalling, but i need it to be secure. Which is the easist
> to learn etc.

IPFW - it provides dummynet to satisfy 2) above.


> 5.)Setting up quotas for each user. Saying X is allowed 10meg while Y is
> allowed 50meg etc.

FreeBSD provides a disk quota mechanism - check the documentation in the
handbook at
It should be enough to get you started.


Daniel Bye

PGP Key:
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

More information about the freebsd-questions mailing list