Is there a way to configure ssh such that a user is jailed to a certain subsection of the directory tree, has file-system limits (space quotas), and cannot run any programs such that the only access to the system is sftp, scp, and rsync? This setup would only need to support a few users and needs to run on a low resource machine (single-core, 1GB RAM, 10.3-RELEASE-p7, i386). Before I start mucking about in sysjail and MAC docs, is this something ssh can do on its own? Or maybe a better question is, how much of this can ssh do on its own? Perhaps I can relax some of my requirements if a simple solution is available.
As always, any references, suggestions, experiences, explanations, insights, words of wisdom, war stories, etc. will be very appreciated!