如何监禁linux用户

Question

Is there something similar to chroot, but for users?

We are about to grant access to our servers for a client and would like them to see only the directories we allow.

Answer 1

A Google search on "openssh jail" led me to SSHjail for openSSH . If your client uses ssh/scp to access the said servers, this might be what you are looking for.

Answer 2

The "best answer" from 2009 is outdated. OpenSSH now comes with the ChrootDirectory option. See http://www.debian-administration.org/articles/590 which is for an already-old version of ssh.

Answer 3

It is important to note that chroot(2) is not meant for security purposes. It is incredibly easy to escape a chroot jail. See this article on abusing chroot for more information.

Answer 4

一个有效的方法是使用lshell

Answer 5

如果你真的想要达到这个极端， SE Linux （或任何其他强制访问控制 ）是默认的unix权限的明确改进。

Answer 6

No easy way to jail users in their homedirs. BTW, I would NEVER give access to my systems to someone I don't trust a minimum.

Last time I did, I used an "unescapable" menu based on http://bash.cyberciti.biz/guide/A_menu_box The .bashrc launches this script you would not escape :

~/.bashrc :
(LAST LINE)
./menu.sh; exit 0

Yes, I had to write scripts for each and every menu item (get logs, check sys, ...) but nobody to run 'chown -R root:root /' instead of *. Priceless.

[EDIT] : create a dedicated user, don't do this as root !!!