[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] Jail SCPonlyc user into public_html
From: |
Olivier Sessink |
Subject: |
Re: [Jailkit-users] Jail SCPonlyc user into public_html |
Date: |
Wed, 06 Feb 2013 23:20:35 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 |
On 02/06/2013 06:48 PM, Brahmanathaswami wrote:
> Overview:
>
> I need to allow web design geeks who do CSS, JS, HTML5 access to files
> in the DOCROOT directly for a virtual server (our staging server) I
> need to allow SFTP only, SCPonly (no ssh) and read and write privileges
> to the "public_html" directory, but they must not be able to see up the
> directory tree or read files up the tree.
if there should be no access at all to the other directories for the
domain, a possible design for this is to create jails for each user (use
hardlinks so the jails will not use any diskspace), e.g.:
/srv/jails/user1
/srv/jails/user2
/srv/jails/user3
/srv/jails/user4
and mount the public_html directory in that jail
mount -o bind /home/devstaging/public_html /srv/jails/user1/home/user1/
that way, user1 will see his own jail, with no other information around
than the public_html data.
Another solution: If you only want to isolate the domains from each
other, you could create a jail in the existing domain directories:
/home/domain1/
/home/domain2/
That means that you will get some extra directories there:
/home/domain1/etc/
/home/domain1/bin/
/home/domain1/sbin/
etc.
Olivier
--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/