Lock user in home directory

Hi,

I have FreeBSD 9.1 and I want to lock my customers/users in their home directory.
How do I do that?

Many say to use chroot, but I don't know how to use it.

PS: I am from Germany

Thanks for help.

Greetings,
DENOxCOOL
 
Really? It doesn't seem to work that way when I use the adduser script. How do you create new users that can't simply # cd somewhere_else?
 
And why shouldn't he cd somewhere? Chrooting a regular user into his own /home means he won't be able to access even the most basic tools, which is usually not what is wanted.
Instead, rely on making sure you have proper permissions on the system.
 
DENOxCOOL:

I'm also not sure what you want, but you can try to achieve that with OpenSSH. Here is a simple example of how to do it:
First, you edit the configuration file of sshd(8):
Code:
Subsystem    sftp    internal-sftp

Match group sftpusers
    ChrootDirectory    %h
    ForceCommand    internal-sftp
    AllowTcpForwarding    no

Next, you need to set the directory permissions of the "chrooted" directories. Make sure they are not writable by any user other than root:
# chown root:wheel /home/some_user /home/some_other_user
# chmod 755 /home/some_user /home/some_other_user


Now you can create a group for the users who should be "chrooted" and add them to that group:
# pw groupadd sftpusers -M some_user,some_other_user

Also give them the nologin shell:
# for i in some_user some_other_user; do chsh -s /usr/sbin/nologin "$i"; done

Finally, (re)start the sshd daemon.
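
A check for the permissions step above, as an added example that is not part of the original post: sshd_config(5) requires every component of the ChrootDirectory path, not only the home directory itself, to be root-owned and not writable by group or others, so the script walks from the given directory up to /. The function names check_component and check_chroot_path and the script name are made up for this example.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before restarting sshd.

# check_component DIR [UID]
# Succeeds only if DIR is a directory owned by UID (default 0 = root) and
# not writable by group or others. Symlinks are followed (-L), as stat(2) does.
check_component() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 1
    fi
    # "ls -ldnL" prints: mode links uid gid ...  (-n = numeric ids)
    info=$(ls -ldnL "$dir" | awk '{ print $1 " " $3 }')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    # Character 6 of the mode string is group-write, character 9 other-write.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL $dir: mode $mode is writable by group or others"; return 1 ;;
    esac
    echo "ok   $dir ($mode, uid $uid)"
}

# check_chroot_path /abs/path
# Applies check_component (owner root) to the path and every parent up to /.
check_chroot_path() {
    case $1 in
        /*) path=$1 ;;
        *)  echo "FAIL $1: need an absolute path"; return 2 ;;
    esac
    rc=0
    while :; do
        check_component "$path" 0 || rc=1
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/some_user /home/some_other_user
status=0
for p in "$@"; do check_chroot_path "$p" || status=1; done
[ "$status" -eq 0 ]
```

Any FAIL line names a directory that will make sshd refuse the chrooted session for the users below it.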
 