The UNIX and Linux Forums  


#1 (permalink)
07-05-2006
Sergiu-IT (Registered User)
Join Date: Mar 2005
Location: Transilvania
Posts: 133
Change the root directory for apache, sshd and ftpd

Hello!
I want to do something and I don't know where to start... I want to make a small web hosting server (just for me and a few friends) and for the sake of learning I'd like to make an account for every user. The thing is that I want everyone to log into the server and to be put in his home directory and that directory to be the root directory for that user.
I want to do this with ftpd, sshd and apache. All services for that user must let him into his home directory and he shouldn't be able to go anywhere else (except his subdirectories).

For ftpd it's simple... I use ftpchroot. I know that I can recompile the ftp server with its built-in ls command, but I don't think it's necessary.

For sshd and apache I guess that I should do something with chroot... but I don't know what exactly to do... I mean, the root directory will differ for every user...

So, any ideas or starting points to "accomplish" this will be appreciated. Of course, any other point of view is welcome as well.

The operating system I use is FreeBSD 5.4-RELEASE.

Thanks !
#2 (permalink)
07-05-2006
grial (Forum Advisor)
UNIX is like a bull
Join Date: Jun 2006
Location: Madrid (Spain)
Posts: 531
Hello!
What you want is possible. I've never tried it with Apache, but I suppose it is the same.
Basically, you need to use a few tools:
  • chroot
  • sudo
  • ldd
The idea is to provide the user only what he needs, so that he can be jailed with chroot.
First, you need to create your chroot jail. To achieve this, you must create a directory structure in each user's home as if it were "/". If you choose /home/user for "user" chroot jail, you will need to create inside, at least:
dev/
usr/
usr/bin
usr/lib
var/
etc/
sbin/

After that, you have to copy there the tools and libs the user is going to use. You could use "ldd" to guess which libs each binary needs, and copy them to their appropriate directories. You may want to copy a shell, and some basic commands (cat, grep, more, etc.) with the libraries they need to run.
For example, in my AIX box:


Code:
$cp /usr/bin/ksh /home/user/usr/bin/ksh
$ldd /usr/bin/ksh 
/usr/bin/ksh needs:
         /usr/lib/libc.a(shr.o)
         /unix
         /usr/lib/libcrypt.a(shr.o)
$cp /usr/lib/libc.a /home/user/usr/lib
$cp /usr/lib/libcrypt.a /home/user/usr/lib

Perhaps you would need to create some device files in /home/user/dev. Do not use cp for this; instead, use the appropriate command. In my case (AIX), "mknod".

You will also need to create an etc/passwd and an etc/group in your chroot.

Now you need a "special shell" which puts the user into the jail when he/she logs in.
For instance, create a /bin/chroot_shell.sh like this:


Code:
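#!/bin/sh
# Login shell wrapper: chroot into the user's home, then su to the user inside the jail.
if [ "$1" = "-c" ]; then
        # Invoked as "shell -c command": pass the arguments through without re-splitting them.
        sudo /usr/sbin/chroot "/home/$USER" /bin/su - "$USER" "$@"
else
        sudo /usr/sbin/chroot "/home/$USER" /bin/su - "$USER"
fi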

As you can see you will need to configure "sudo" for this to work. Use "visudo" to add a line like this:


Code:
user ALL=NOPASSWD:/usr/sbin/chroot /home/user /bin/su - user*

Next, change "user"'s shell into /bin/chroot_shell.sh in /etc/passwd.

After that, add a line in /home/user/etc/passwd like:

Code:
user:!:203:1::/:/usr/bin/ksh

NOTICE, you must have copied /usr/bin/ksh to /home/user/usr/bin/ksh along with every lib ksh needs.

Well, these are, more or less, the steps you should follow, but most probably I forgot something or made a mistake... I've written this by heart.

I hope it helps.
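
The jail-building steps from the post above, collected into one script as an added example (not part of the original post, and not grial's own code). The function names and the `LDD` override are hypothetical; `jail_audit` goes beyond the post and lists jail entries that are not root-owned or are writable by group/other, since the wrapper runs `chroot` and `/bin/su` from this tree as root.

```shell
#!/bin/sh
# Added example: populate a chroot jail from ldd output, then audit it.
# LDD is overridable so the logic can be exercised with constructed output.
LDD=${LDD:-ldd}

# Read ldd output on stdin, print each absolute library path once.
# Accepts "name => /path (0x...)", "/path (0x...)" and the AIX form
# "/path(member)"; skips "binary:" header lines and pathless entries.
ldd_paths() {
    awk '/:$/ { next }
         { for (i = 1; i <= NF; i++)
               if ($i ~ /^\//) { sub(/\(.*/, "", $i); print $i; break } }' |
        sort -u
}

# Create the directory skeleton listed in the post under JAIL ($1).
jail_skeleton() {
    for d in dev usr/bin usr/lib var etc sbin; do
        mkdir -p "$1/$d" || return 1
    done
}

# Copy FILE ($2) into JAIL ($1) at the same absolute path it has on the host.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -p "$2" "$1$2"
}

# Copy binary BIN ($2) and every library ldd reports for it into JAIL ($1).
jail_add_binary() {
    jail_copy "$1" "$2" || return 1
    $LDD "$2" | ldd_paths | while read -r lib; do
        jail_copy "$1" "$lib" || exit 1
    done
}

# List entries under JAIL ($1) that are not owned by OWNER ($2, default
# uid 0) or are writable by group/other. The list should be empty before
# the jail is used.
jail_audit() {
    find "$1" ! -type l \( ! -user "${2:-0}" -o -perm -020 -o -perm -002 \) -print
}
```

Run as root, for example `jail_skeleton /home/user` followed by `jail_add_binary /home/user /usr/bin/ksh`, then check that `jail_audit /home/user` prints nothing.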
#3 (permalink)
07-05-2006
Sergiu-IT (Registered User)
Join Date: Mar 2005
Location: Transilvania
Posts: 133
Well... it sounds pretty simple... I'll try later and I hope it is going to work.
Thanks a lot for your answer and for the time spent writing this mini-tutorial
#4 (permalink)
07-05-2006
grial (Forum Advisor)
UNIX is like a bull
Join Date: Jun 2006
Location: Madrid (Spain)
Posts: 531
Quote:
Originally Posted by Sergiu-IT
Well... it sounds pretty simple... I'll try later and I hope it is going to work.
Thanks a lot for your answer and for the time spent writing this mini-tutorial
Yes, it's really simple.
I think this is valid also for apache... I've tested it in Linux, AIX and Solaris with ftp, telnet, ssh and had no problems... Besides, it is easy to automate with scripts if you are planning to have a large number of users.
I have a more detailed tutorial written by me in Spanish, but this is an English forum, hehehe...
Good luck with the test!