Proper chrooting and SFTP with OpenSSH should be done like this in sshd_config:
Subsystem sftp internal-sftp
Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no
Then it's just a matter of adding accounts to the 'sftponly' group. Works like a charm in OpenSSH 5.3, may work in some earlier versions but it's a fairly recent feature.
Making the half-assed GUI so lousy that people will actually prefer a command line interface is not the right way to go about doing things
Say, did you ever wonder why we have written and spoken language and have kids go through years of trouble mastering them? It's because a language with grammar has great symbol manipulating power. Much more than pointing at things. Imagine going through your daily communications with Pictionary.
I do not want to play Pictionary with my computer systems. I know very well what I want, and I know how to express it in a symbol manipulation language, that's why I use a shell. It is not because of a lack of a proper GUI that I do that. It's because written language works so much better than Pictionary.
And when I do use GUI's (on X11), I find I can have features that Win/Mac won't give me. Proper input focus models (e.g. scrolling in arbitrary windows without giving them input focus). Real copy-paste via the X selection buffer (instead of the select-copy-position-paste operation).
Why wouldn't you want to USE a GRAPHICAL user interface to it?
Well, the ability to do arbitrary mplayer-foo from my comfy chair with my laptop over SSH over WiFi to the mouse-and-keyboardless machine that's sitting in the closet driving my TV comes in quite handy thankyouverymuch. Plus it makes people point and gasp.
but this is just making your life more complicated for no good reason.
If anything, CLI's such as MPlayers' have made my life much *less* complicated thankyouverymuch. CLI's do not always exist because the devs are too lazy to cock up some GUI, you know.
Slashdot Mirror
That, and some more of the needed tricks (secure cookie handling), can be done with SSLstrip.
Then it's just a matter of adding accounts to the 'sftponly' group. Works like a charm in OpenSSH 5.3, may work in some earlier versions but it's a fairly recent feature.
Making the half-assed GUI so lousy that people will actually prefer a command line interface is not the right way to go about doing things
Say, did you ever wonder why we have written and spoken language and have kids go through years of trouble mastering them? It's because a language with grammar has great symbol manipulating power. Much more than pointing at things. Imagine going through your daily communications with Pictionary. I do not want to play Pictionary with my computer systems. I know very well what I want, and I know how to express it in a symbol manipulation language, that's why I use a shell. It is not because of a lack of a proper GUI that I do that. It's because written language works so much better than Pictionary. And when I do use GUI's (on X11), I find I can have features that Win/Mac won't give me. Proper input focus models (e.g. scrolling in arbitrary windows without giving them input focus). Real copy-paste via the X selection buffer (instead of the select-copy-position-paste operation).
Why wouldn't you want to USE a GRAPHICAL user interface to it?
Well, the ability to do arbitrary mplayer-foo from my comfy chair with my laptop over SSH over WiFi to the mouse-and-keyboardless machine that's sitting in the closet driving my TV comes in quite handy thankyouverymuch. Plus it makes people point and gasp.
but this is just making your life more complicated for no good reason.
If anything, CLI's such as MPlayers' have made my life much *less* complicated thankyouverymuch. CLI's do not always exist because the devs are too lazy to cock up some GUI, you know.
rm -rf ~/.macromedia/Flash_Player/\#SharedObjects/* && chmod u-w ~/.macromedia/Flash_Player/\#SharedObjects/