> Just downloaded to server now > About to install, pity it wasn't available via yum :( Maybe this is then something that can be added to the repo? I just went to the website for the RPMBuild component: http://lshell.ghantoos.org/RPMBuild and noticed: "Thank you Michael Mansour for this excellent tip!" I advised the developer some months back how to make his package easier to build in RPM etc but didn't realise he credited me on his web page :) Michael. > On Wed, Dec 2, 2009 at 9:33 PM, Michael Mansour <[log in to unmask]> wrote: > > > > noooooo don't give me more choices !!! >.< > > > > > > :) > > > I'm trying to make sense of the man pages about chrooting but can't > > > seem to figure out files to copy where to configure it properly. > > > I'll look at lshell too. > > > > My point exactly. lshell is easy. > > > > With OpenSSH though, you typically don't need to copy libraries into the > > chroot jail unless you're using SFTP. I looked at the latest OpenSSH about > > a > > year ago and I believe for ssh and scp they manage to use the shared > > libraries > > but with sftp they couldn't. > > > > Anyway, save your time and just use lshell, you'll find it straight > > forward. > > > > Regards, > > > > Michael. > > > > > On Wed, Dec 2, 2009 at 9:13 PM, Michael Mansour <[log in to unmask]> wrote: > > > > > > > Hi, > > > > > > > > > The chroot feature was implemented (backport) in version 4.3p2- > > > > > 36.el5 of OpenSSH in RHEL 5, see [1]. > > > > > > > > > > [1] http://rhn.redhat.com/errata/RHSA-2009-1287.html > > > > > - - > > > > > Patrick > > > > > > > > I've used (for years) lshell (Limited Shell). It's extremely powerful > > and > > > > flexible and available in RPM form. > > > > > > > > I haven't tried the new chroot feature of OpenSSH but when it takes a > > few > > > > minutes to setup chroot and limited shell access with lshell, I see no > > > > reason to. > > > > > > > > RPM details are as follows: > > > > > > > > Name : lshell Relocations: /usr > > > > Version : 0.9.6 Vendor: Ignace > > Mouzannar > > > > (ghantoos) <[log in to unmask]> > > > > Release : 1 Build Date: Thu 10 Sep 2009 > > > > 04:25:19 AM EST > > > > Install Date: Mon 09 Nov 2009 03:18:02 PM EST Build Host: > > > > raoul-centos5 > > > > Group : System Environment/Shells Source RPM: > > > > lshell-0.9.6-1.src.rpm > > > > Size : 125860 License: GPL > > > > Signature : (none) > > > > URL : http://lshell.ghantoos.org > > > > Summary : Limited Shell > > > > Description : > > > > lshell is a shell coded in Python that lets you restrict a user's > > > > environment > > > > to limited sets of commands, choose to enable/disable any command over > > SSH > > > > (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing > > > > restrictions, and more. > > > > > > > > Regards, > > > > > > > > Michael. > > > > > > > > > ----- "Victor" <[log in to unmask]> schrieb: > > > > > > Just wondering what the thought is with having OpenSSH 4.9 or later > > > > included as available download on RPM (or even on the official CentOS > > > > repo's... but don't think i can request that here). > > > > > > > > > > > > Reason is I'd like to have the ability for jail'ing users on ssh / > > sftp > > > > / > > > > ftp etc. and 4.9 and above has this support by default so no > > third-party > > > > hacks > > > > needed. > > > > > > > > > > > -- > > > > > > Victor ('Daworm') > > > > > > * Melbourne Wireless Node: KDJ & KDT > > > > > > * Natural Selection 2 Wiki Sysop ( > > > > http://www.unknownworlds.com/ns2/wiki/ ) > > > > > > * AoCWiki Sysop ( http://aoc.wikia.com/ ) > > > > > > * Twitter: @dawormie > > > > > > > > > > > > _______________________________________________ > > > > > > suggest mailing list > > > > > > [log in to unmask] > > > > > > http://lists.rpmforge.net/mailman/listinfo/suggest > > > > > > > > > > ------- End of Original Message ------- > > > > > > > > _______________________________________________ > > > > suggest mailing list > > > > [log in to unmask] > > > > http://lists.rpmforge.net/mailman/listinfo/suggest > > > > > > > > > > -- > > > Victor ('Daworm') > > > * Melbourne Wireless Node: KDJ & KDT > > > * Natural Selection 2 Wiki Sysop > > > (http://www.unknownworlds.com/ns2/wiki/) * AoCWiki Sysop > > > (http://aoc.wikia.com/) * Twitter: @dawormie > > ------- End of Original Message ------- > > > > > > -- > Victor ('Daworm') > * Melbourne Wireless Node: KDJ & KDT > * Natural Selection 2 Wiki Sysop > (http://www.unknownworlds.com/ns2/wiki/) * AoCWiki Sysop > (http://aoc.wikia.com/) * Twitter: @dawormie ------- End of Original Message -------