Shell Server

[William Palfreman]

On Thu, 10 Apr 2003, Ian Barnes wrote:

> Hi,
>
> I am looking at setting up a shell server. This server will host shells for
> various people.
>
> What i would like to know is how i could chroot the users to their own dir's
> and only allow certain users to use certain programs. What is the easiest
> way of giving them certain space on the server and a domainname.com/~user
> web site ? What would be the best way of doing this?? Would it be best to
> use ssh ? Something else i havent thought about with regards to security ???

I know people do chroot users to their own dirs, but I don't because I
think it degrades the user experience.  You could set up a jail system,
but I don't tend to bother, because it interferes with the ability of
users to work on common files, and it wastes disk space IMO.

If I were you, I would use ssh normal logins, and treat the machine as
basically sacrificial.  What I would be tempted to do is have the
webserver on another machine and use an NFS to store their www stuff,
either from the webserver or even from another storage orientated server
altogether.  Then if worst comes to the worst they can damage each
others data, but not effect the actual webserver.  You might find you
still have to give them unencrypted FTP access, in which case
someone sniffing passwords it is quite likely, and being rooted is also
more likely.  With your users data elsewhere, if/when that happens you
can do a nice reinstall without real loss.

-- 
W. Palfreman. 			I'm looking for a job. Read my CV at:
Tel: 0771 355 0354		www.palfreman.com/william/cv-wfp2.html