I have multiple folders in /var/www for different websites -- Apache uses name-based Virtual Hosts (Ubuntu Server). Suppose I want to allow someone to access their /var/www/user directory, but not cd out of it and be able to traverse the system.
I found information about an OpenSSH Jail here: http://antitese.org/sshjail/
Has anyone used/implemented something like this? Is there a better way aside from basic permissions to control this?
I recently implemented it for a client. The concern was that many sensitive files are readable by anyone with SSH access, so I followed the instructions on Limiting Access with SFTP Jails on Debian and Ubuntu at Linode and it has worked fine since.
I did have to fiddle around with permissions quite a bit -- permissions have to be set exactly as described. Also, I found error messages (I think in /var/log/auth.log) to be surprisingly helpful.
