-schsh
-=====
-
Introduction
------------
-This is [schsh][0], a schroot-based shell.
+Welcome to [schsh][SCHSH], a schroot-based shell.
-The purpose is simple: I want to provide users with scp, sftp and rsync access
+Its purpose is simple: I want to provide users with scp, sftp and rsync access
to my server, such that they can only operate in a certain subdirectory.
There are plenty of solutions for this problem out there, and all have one
drawback in common:
configured to be read-only and no-setuid, while the only user-writeable folder
is no-exec.
-[0]: http://www.ralfj.de/projects/schsh/
+[SCHSH]: http://www.ralfj.de/projects/schsh/
Setup
-----
Before you start, make sure you have the dependencies installed:
-schsh needs [Python 3][0] (I tested it with version 3.2) and [schroot][1]
-(version 1.6 or newer).
+schsh needs [Python 3][PYTHON] (I tested it with version 3.2) and
+[schroot][SCHROOT] (version 1.6 or newer).
Installation is simple: Just run ```make install```. That will copy some files
to ```/usr/local/bin```, and some configuration to ```/etc/schroot/```.
group called ```schsh``` exist.
You should also set up SSH to disallow port forwarding for users controlled by
-schsh. See ```sshd_config``` in this folder for an appropriate snippet of
-OpenSSH configuration.
+schsh. See ```sshd_config``` in the source folder for an appropriate snippet
+of OpenSSH configuration.
Before you can set up schsh for a user, you need to create it first:
subfolders as well as ```/etc/passwd``` and ```/etc/group``` containing
only root, this user and the ```schsh``` group
* Add the user to the ```schsh``` group
-* Add a schroot called schsh-sandboxed for the given folder, and an fstab file
- in ```/etc/schroot/schsh``` used by this schroot
+* Set up a schroot called ```schsh-sandboxed``` for the given folder, and an
+ fstab file in ```/etc/schroot/schsh``` used by this schroot
Now if the user logs in via SSH, ```/usr/local/bin/schsh``` will be executed,
and it will lock the user into the schroot ```schsh-sandboxed```. It will
only see some system folders and a folder called ```/data``` mapped to
-```/home/sandboxed/data```. If you want to give the user access to more folders,
-or another folder, simply edit ```/etc/schroot/schsh/sandboxed.fstab```.
+```/home/sandboxed/data```. If you want to give the user access to more
+folders, or another folder, simply edit ```/etc/schroot/schsh/sandboxed.fstab```.
The only part of schsh writing any files is ```makeschsh```, so you can change
the users' schroot configurations at your will.
-[0]: http://www.python.org
-[1]: http://packages.qa.debian.org/s/schroot.html
+[PYTHON]: http://www.python.org
+[SCHROOT]: https://wiki.debian.org/Schroot
Configuration
-------------
Source, License
---------------
-You can find the sources in the [git repository][GIT]. They are provided under the [GPLv3][GPL3].
-In addition, all files except for ```schsh-rrsync``` are provided under the [GPLv2][GPL2] or
-(at your option) any later vrsion of the GPL.
+You can find the sources in the [git repository][GIT]. They are provided under
+the [GPLv3][GPL3]. In addition, all files except for ```schsh-rrsync``` are
+provided under the [GPLv2][GPL2] or (at your option) any later version of the
+GPL.
[GIT]: http://www.ralfj.de/git/schsh.git
[GPL3]: https://www.gnu.org/licenses/gpl.html