The best and easiest way, don't give ssh jailshell.
I never do on any server. There is enough power via cpanel, cse script, ftp scripts etc.
Everything a user needs can be done through a gui.
just my opinion. And if a user demands it, then they can also deman another
provider because thats something I definitely will not provide.
good luck
I never do on any server. There is enough power via cpanel, cse script, ftp scripts etc.
Everything a user needs can be done through a gui.
just my opinion. And if a user demands it, then they can also deman another
provider because thats something I definitely will not provide.
good luck
I don't recommend giving any kind of shell access to any user ....
However to answer your question, you can set owner "root:root"
and permissions "700" on any program you want accessible
by root only.
While I don't see a problem with things such as 'ps' and 'top'
doing this, you should be advised that restricting some commands
could feasible break scripts that depend on those commands.
However to answer your question, you can set owner "root:root"
and permissions "700" on any program you want accessible
by root only.
While I don't see a problem with things such as 'ps' and 'top'
doing this, you should be advised that restricting some commands
could feasible break scripts that depend on those commands.
Another way to achieve this without having to go setting permissions about the fil system in a draconian way is to install a role based access control (RBAC) , the grsec kernel patches has a good rbac included in them . ( http://www.grsecurity.net/ ) It needs a kernel recompile , however once you have the least privilege policies created, then you can move this policy to any server with a few copy operations .
