[scponly] Install for many accounts

Hammad scponly at brisksolutions.com
Sun Aug 24 12:03:11 EDT 2003


I like to have a clean scponly user home too. For example, proftpd handles the  
chroot enviornment very cleanly. It doesn't need any lib or usr or bin 
directories in user's home.

Can we do something like that?

Quoting Matthew Moffitt <moffitt.10 at sociology.osu.edu>:

| The restricted shell is great and looks like a nice solution for us to allow
| people into samba home folders remotely w/o having to resort to smb
| traffic.
| 
| Once glitch I'm running into is in setting up the chroot option.  Walking
| through the instructions and looking through the setup_chroot.sh script I see
| how we set this up for a particular user with the binaries in their chroot'd
| directory.
| 
| However I'd like to have a single installation of the binaries but allow all
| users to have the scponly shell.  That would avoid having usr, bin, etc, and
| other folders tacked into their home directories.
| 
| I tried modifying the setup in config.h to build these so it would look for a
| '.scponly/usr' and other folders instead of the default which I thought I
| could then symlink for each person but this won't work, it can't follow the
| symlink out of the jail.  Even if I copied this over to each person's home,
| making it look a little cleaner from their perspective, I still have the
| problem with programs like sftp-server having a hard coded path to find
| ld-elf.so.1 in /usr/libexec.
| 
| Is there another approach that would facilitate creating an install for
| several hundred accounts still using a jail but not having the binaries
| copied over for each person?  I would think there must be a clean way to do
| this but I don't see it.
| 
| -Matt
| 
| _______________________________________________
| scponly mailing list
| scponly at lists.ccs.neu.edu
| https://lists.ccs.neu.edu/bin/listinfo/scponly
| 



More information about the scponly mailing list