restricted ssh shell for ruby on rails hosting ? (rake, git, etc.)

Peter Vereshagin peter at vereshagin.org
Mon May 9 17:51:09 UTC 2011


Nobody knows that you're in for that, freebsd-questions!
2011/05/09 17:02:06 +0200 Olivier Mueller <om-lists-bsd at omx.ch> => To FreeBSD Questions :

OM> but one of the things I would like to prevent is for example accessing
OM> some files like /etc/passwd (= listing all other customers domains in
OM> this specific case).

I recently learned about the chroot option for some new flavor of sshd;
probably the chroot dir can be assigned per user. With nullfs properly
plugging software features like binaries, libs and cron variables into every
such directory for every such user, this should do the trick.

OM> Other things would be: 
OM> - prevent the launch of daemons  (-> screen, irssi, bots, etc.) -> ?

This particular one should be achieved by means of the time-related ulimit
capabilities in login.conf(5)? As for ports to listen on, the restrictions
should be made via mac(3) to restrict a certain system call, e.g., listen(),
for particular system instances, e.g., users?

73! Peter pgp: A0E26627 (4A42 6841 2871 5EA7 52AB  12F8 0CE1 4AAC A0E2 6627)
--
http://vereshagin.org
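
The setup sketched in the reply above, written out as configuration. This is
an added example, not part of the original message; the group name "hosting",
the user "alice", the /usr/chroot path and the limit values are assumptions.

```conf
# --- /etc/ssh/sshd_config -------------------------------------------
# Confine every member of the (assumed) "hosting" group to a per-user
# tree. %u expands to the login name. sshd refuses the chroot unless
# every component of the path is owned by root and is not writable by
# group or other, so the customer's writable home sits one level down
# (e.g. /usr/chroot/alice/home/alice).
Match Group hosting
    ChrootDirectory /usr/chroot/%u

# --- /etc/fstab (one set of lines per user; "alice" is an assumed name)
# Read-only nullfs mounts give the chroot its binaries and libraries
# without copying them. The host's /etc is deliberately not mounted, so
# the real /etc/passwd stays out of reach; a minimal etc/ is created by
# hand inside the chroot instead. An interactive shell also needs basic
# device nodes, hence the devfs line.
/bin        /usr/chroot/alice/bin        nullfs  ro  0  0
/lib        /usr/chroot/alice/lib        nullfs  ro  0  0
/libexec    /usr/chroot/alice/libexec    nullfs  ro  0  0
/usr/bin    /usr/chroot/alice/usr/bin    nullfs  ro  0  0
/usr/lib    /usr/chroot/alice/usr/lib    nullfs  ro  0  0
/usr/local  /usr/chroot/alice/usr/local  nullfs  ro  0  0
devfs       /usr/chroot/alice/dev        devfs   rw  0  0

# --- /etc/login.conf ------------------------------------------------
# Login class for hosting users (values are illustrative assumptions).
# cputime caps CPU seconds per process, not wall-clock time, so an idle
# daemon is not stopped by it; maxproc bounds how many processes the
# user can leave running.
hosting:\
	:cputime=10m:\
	:maxproc=40:\
	:openfiles=256:\
	:tc=default:
```

After editing, rebuild the class database with "cap_mkdb /etc/login.conf",
assign the class with "pw usermod alice -L hosting", and restart sshd.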

