Topic: Directory caging (or similar)...probably a simple question

dantillberg (Topic starter)
« on: November 03, 2009, 01:25:24 PM »
Hi

I am running a small Redhat 9 Linux system for a home network, with a very basic setup, i.e. no NIS, no shadowing of the /etc/passwd etc. Reasonable level of security with no root login, iptables and such simple measures.

So far I have only granted my own user account access to login via ssh or file transfer via scp. Other users (mail users) have been disallowed to login by setting the shell in /etc/passwd to /sbin/nologin.

Now I need to create an account for a person, so that he can upload files via scp. I have concluded that I can't use /sbin/nologin for this account so I need to state a shell.

To create the user and give scp access is no problem, but my small but very annoying problem is that when logging into this account with an scp client, there seems to be no restriction for where I can walk in the directory hierarchy.

I want to configure it so that the user cannot go "up" in the hierarchy if he is in his $HOME directory. Only access his own subfolders.

I have surfed around on the net for a simple instruction on how to do this (can't really be rocket science?!) but to my big surprise I haven't found anything. At least not a simple way to do it and certainly no good step-by-step instruction.

I guess that if finding a way to do this when accessing the user $HOME directory, it would have the same effect as if the user logged in via ssh. That would certainly be an advantage, otherwise I would be happy to learn also how to do that since I cannot restrict shell login with the /sbin/nologin dummy shell.

Thanks
/D



steviewdr
Re: Directory caging (or similar)...probably a simple question
« Reply #1 on: November 04, 2009, 05:30:02 AM »
Take a look at scponly. It works well for me. I'm not sure whether you can disallow upward directory traversal though. It's worth a look. It's on apt in Debian and Ubuntu. There might be a handy rpm for Red Hat.

-steve

thorpe
Re: Directory caging (or similar)...probably a simple question
« Reply #2 on: November 04, 2009, 05:57:34 AM »
I think what you're after is a 'chroot jail'. Google should find you plenty of scripts.

This basically makes the user's $HOME directory look like a little system. You need to place the commands you want users to have access to within the chroot, but it will prevent them from leaving this directory.
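
The chroot approach from the last reply, as an added example that is not part of the thread or any poster's code: shell functions that copy a command and the shared libraries ldd reports for it into a jail directory, then check that the jail root is root-owned and not group- or world-writable. The function names and the /srv/jail/uploader path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: populate a minimal chroot jail for one account.
# /srv/jail/uploader and the function names are hypothetical choices.

# Read `ldd` output on stdin, print the absolute path of each library found.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # name => /path (addr)
        $1 ~ /^\//               { print $1 }        # /path/to/loader (addr)
    '
}

# Copy one file into the jail under the same path it has on the host.
jail_copy() {
    jc_jail=$1 jc_src=$2
    mkdir -p "$jc_jail$(dirname "$jc_src")" &&
        cp -p "$jc_src" "$jc_jail$jc_src"
}

# Install a command plus every shared library ldd reports for it.
jail_install() {
    ji_jail=$1 ji_bin=$2
    jail_copy "$ji_jail" "$ji_bin" || return 1
    ldd "$ji_bin" 2>/dev/null | ldd_paths | while read -r ji_lib; do
        jail_copy "$ji_jail" "$ji_lib" || exit 1
    done
}

# Succeed only if the jail root is owned by uid 0 and is not writable by
# group or others, so the jailed user cannot replace what was installed.
jail_root_ok() {
    case $(ls -ld "$1" | cut -c6,9) in *w*) return 1 ;; esac
    [ "$(ls -ldn "$1" | awk '{ print $3 }')" = 0 ]
}

# Typical use, as root (paths are examples):
#   mkdir -p /srv/jail/uploader && chmod 755 /srv/jail/uploader
#   jail_install /srv/jail/uploader /bin/sh
#   jail_install /srv/jail/uploader /bin/ls
#   jail_root_ok /srv/jail/uploader && chroot /srv/jail/uploader /bin/sh
```

Libraries that ldd reports as "not found" are skipped by ldd_paths, so a command that fails inside the jail is usually missing one of those or a file it opens at run time.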