FreeBSD 11.1: chroot users / provide pre-built binaries
freebsd-en at lists.vlassakakis.de
Mon Jun 25 17:45:12 UTC 2018
I am currently looking for a good solution to my „problem“.
Scenario: I have a fileserver with several hundreds local users.
Each user should be locked into his $HOME (so they can’t cd into any other user-directory, /root etc.), but can login via SSH,SFTP and upload files.
Via ZFS exec,devices,setuid is set to „off", so they can't execute any self-uploaded binaries, except binaries, which are provided by me. (cp, mv, rm, rmdir, sh, touch, chgrp, groups, pwd etc.).
The binaries are included via $PATH.
On the one hand I want to save space, so that the binairies don't have to be in every $HOME,
on the other hand the work is reduced if a binary needs to be updated.
Is there any simple way to lock users into their Home-Directory without editing sshd_config every time?
Thanks in advance
More information about the freebsd-questions