Restrict SSH User Access to System Files

For most shared hosting accounts, you will not give your users SSH access, but there are situations where you might. In those unique situations, you need to make sure that the SSH user cannot frolic freely throughout the filesystem, viewing files that should be restricted to the server administrator.

Unfortunately, there is no easy way to do this. If you only intend to allow SCP and/or SFTP so that users can securely transfer files, you can try limiting their logins to those protocols and excluding shell access. To accomplish this, you can use a tool like Jailkit.

If you absolutely need to give the user full shell access, keep in mind that a shell user cannot run a command without being able to read its binary and the libraries it links, so the user must at least be able to view some system files. The only way to really get around this is to create a full chroot jail for the user, which essentially contains copies of all necessary libraries and other system files within a subsystem built specifically for one user. This is not an easy task, although Jailkit does simplify the process somewhat.
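As an added example (not part of the original post, and not Jailkit's own code), the SFTP-only and chroot points above can be combined with OpenSSH's built-in `ChrootDirectory` plus `ForceCommand internal-sftp`: because no shell is ever started, nothing needs to be copied into the jail. The username `alice` and the path `/srv/sftp/alice` are placeholders, and the script also checks the directory ownership and permission rules sshd enforces on a chroot path.

```shell
#!/bin/sh
# Added example, not from the post or from Jailkit: confine one account to SFTP
# with OpenSSH's own ChrootDirectory + internal-sftp; no libraries are copied
# because no shell is started. "alice" and /srv/sftp/alice are placeholders.

# Render the sshd_config Match block for one user. Match blocks must sit at
# the end of sshd_config, so the caller appends this output.
sftp_only_block() {
    user="$1"
    jail="$2"
    printf '%s\n' \
        "Match User $user" \
        "    ChrootDirectory $jail" \
        "    ForceCommand internal-sftp" \
        "    AllowTcpForwarding no" \
        "    X11Forwarding no" \
        "    PermitTunnel no"
}
# sshd refuses a ChrootDirectory unless it and every parent are owned by root
# and not writable by group or other. In "drwxr-xr-x", columns 6 and 9 are
# the group and other write bits.
chroot_mode_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d????-??-?) return 0 ;;
        *) return 1 ;;
    esac
}

# Walk from the jail up to /, checking owner and mode at every level.
chroot_path_ok() {
    dir="$1"
    while :; do
        owner=$(ls -ld "$dir" | awk '{print $3}')
        if [ "$owner" != root ] || ! chroot_mode_ok "$dir"; then
            echo "unsuitable for ChrootDirectory: $dir (owner $owner)" >&2
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}
# Apply only with --apply. The jail stays root-owned and read-only, so give
# the user a writable subdirectory inside it, e.g. $jail/upload.
if [ "${1:-}" = --apply ]; then
    jail=/srv/sftp/alice
    chroot_path_ok "$jail" || exit 1
    sftp_only_block alice "$jail" >> /etc/ssh/sshd_config && sshd -t
fi
```

`sshd -t` only validates the file; reload sshd afterwards for the Match block to take effect.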

Because of these filesystem permission limitations, many system administrators will require heightened security for any users that must have shell access. Some web hosts will require a driver’s license or other form of identification. There are also programs like Limited Shell that provide the users with only some of the features normally available in a full Linux or Unix shell, while also logging activity and implementing a timing restriction.

If you are really paranoid and cannot imagine letting a user browse your system files, it is probably better to just disable SSH access completely, excluding your own username.