> i need to give someone shell access to my server (ssh) but i dont > want him to go higher than /home/ ... any idea on how that can be done
first question: why this paranoia? protecting other home directories is no problem - more precise: it is the default setting. if you have mounted dos-partitions, then you can put something like /dev/hda2 /c vfat uid=500,gid=100,umask=77,noexec,quiet 0 0 into your fstab to grant access to only one user (you, 500 should be replaced with your uid). more rights can be granted by giving a certain gid to files only you (as non-root) should have access to and put yourself in this privileged group; this technique is used, e.g. for granting full access to video devices for some users by chown-ing /dev/video? to root.video and putting the apropriate users into the video-group (a user may be in several groups). the files would be chmod-ed to rwxrwx---, etc. i can see no reason to hide the rest of the system from somebody you trust enough to give him a ssh-login. if you insist on an absolutely isolated system with an own /, you may specify a script (which chroot-es and resets $SHELL) as the login-shell of that user (just an idea ...). but you would have to set up a fully working linux-system in his home dir ... -- Hi! I'm a .signature virus! Copy me into your ~/.signature, please! -- Linux - the last service pack you'll ever need.
