Pann McCuaig writes:
> We would like to create accounts for restricted users, primarily for
> data sharing purposes. These users would have access to the filesystem
> as appropriate, but would not be allowed to run the applications living
> under /opt and /usr/local.

I can think of several options, maybe one will fit:

You can use a restricted shell like scponly so only scp/sftp will be
allowed.

You can use ssh/authorized_keys commands to limit certain keys to
certain executables. This is good for a CVS+SSH server. See "man
sshd" for what is possible.

I've never tried this last one, but I think you can set up users in a
chroot environment. You could "mount --bind" just those filesystems
that you want visible. Maybe PAM has a module for chroot logins.

Last, you could set up a virtual machine and only mount the file
systems you want to expose.

-Brett.
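
The authorized_keys forced-command option mentioned in the reply above, as an added example that is not part of the original post. The script name `share-only`, the directory `/srv/share` and the key entry are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command wrapper (added example). Hypothetical install path and key entry:
#   command="/usr/local/sbin/share-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> partner
# sshd runs this script for that key whatever the client requested, and
# puts the client's request in SSH_ORIGINAL_COMMAND.

SHARE_DIR=/srv/share   # assumed data-sharing directory

# decide REQUEST: print "cvs", "scp-get PATH" or "deny"; non-zero status on deny.
decide() {
    req=$1
    case "$req" in
        "cvs server")                 # what a CVS client sends over ssh
            echo "cvs"; return 0 ;;
        "scp -f $SHARE_DIR/"*)        # legacy scp protocol, download side
            path=${req#"scp -f "}
            case "$path" in
                # Anything outside a plain path alphabet (spaces, ;, |, $,
                # newlines) or containing ".." is refused.
                *[!A-Za-z0-9._/-]*|*..*) : ;;
                *) echo "scp-get $path"; return 0 ;;
            esac ;;
    esac
    echo "deny"; return 1
}

main() {
    action=$(decide "${SSH_ORIGINAL_COMMAND:-}") || {
        # Unset SSH_ORIGINAL_COMMAND means an interactive login was requested.
        logger -t share-only "denied ${USER:-?}: ${SSH_ORIGINAL_COMMAND:-<interactive>}"
        echo "This account is restricted to data sharing." >&2
        exit 1
    }
    # exec with fixed argv: the request is never passed to a shell for evaluation.
    case "$action" in
        cvs)         exec cvs server ;;
        "scp-get "*) exec scp -f "${action#scp-get }" ;;
    esac
}

# Run only when invoked under the installed name, so the functions above can
# be sourced and tested without executing anything.
case "$0" in
    */share-only) main ;;
esac
```

The path check is purely textual, so a symlink inside the share directory that points elsewhere is still followed by scp.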