Limiting ssh user account only to access his home directory!
Posted
by EBAGHAKI
on Super User
See other posts from Super User
or by EBAGHAKI
Published on 2010-04-16T19:19:43Z
Indexed on
2010/04/16
20:54 UTC
Read the original article
Hit count: 316
By reading some tutorials online I used these commands:
Make a local group: net localgroup CopsshUsers /ADD
Deny access to this group at top level: cacls c:\ /c /e /t /d CopsshUsers
Open access to the copSSH installation directory: cacls copssh-inst-dir /c /e /t /r CopsshUsers
Add Copssh user to the group above: net localgroup CopsshUsers mysshuser /add
simply put these commands will try to create a usergroup that has no permission on your computer and it only have access to the copSSH Installation directory.
This is not true, since you cannot change the permission on your windows directory, the third command won't remove access to windows folder (it says access denied on his log). Somehow I achieved that by taking ownership of Windows folder and then i execute the third command so CopsshUsers has no permissions on windows folder from now on.
Now i tried to SSH to the server and it simply can't login! this is kind of funny because with permission on windows directory you can login and without it you can't!! So if you CAN SSH to the server somehow you know that you have access to the windows directory! (Is this really true??)
Simple task: Limiting ssh user account only to access his home directory on WINDOWS and nothing else!
Guys please help!
© Super User or respective owner