I've changed the NFSHomeDirectory settings in the relevant mount points
for my users to be like:
/Network/Servers/servername/Volumes/./SomeVolume/blah/blah/blah
This means they get chrooted at "/Volumes" on the server, thus
disallowing them access to the system drive. This does not appear to
pose any problems for network home directories, but this could be
because all my students are on AFP home directories anyway.
This means that they can only scp and sftp, and do not have a 'real'
ssh account available to them.
I do realise that firstly a chroot is possible to break out of, but
it's much more difficult without a real shell account, and secondly
that scponly has had problems in the past. I still feel more
comfortable doing this than any of the alternatives, as it lets my
students use free SFTP software on any platform to have secure remote
access.
I might write the instructions for doing this up and post them
somewhere if anyone is interested.
nigel
--
Nigel Kersten Systems Administrator
College of Fine Arts, UNSW Sydney, Australia.
CRICOS Provider Code: 00098G
