Chrooting SSH
Daniel Bye
dan at slightlystrange.org
Fri Apr 11 17:38:30 PDT 2003
On Fri, Apr 11, 2003 at 11:37:32PM +0200, Ian Barnes wrote:
> Hi,
>
> I have a few questions for the brains around.
>
> 1.)I am going to set up a shell server. I want to CHRoot the users, and
> allow them access to certain programs only. There will be different levels
> on the server, so i want to be able to control what level user can use what
> program (WOW!).
chrootssh was mentioned on the list a couple of days ago. It may be what
you need:
http://chrootssh.sourceforge.net
There are several ways you could set up the different "levels" of access -
using traditional UNIX groups is maybe the easiest, or you could really take
advantage of chrootssh's caabilities, and build multiple chroot
environments. This is a lot more work though.
You might even consider using jail(8), if you have enough IP addresses.
> 2.)I also want to implement bandwidth management, please point me in the
> right direction to finding a good tutorial on how to do this.
Dummynet is your friend. The ipfw(8) man page should get you started, or
try googling - even a one-word search brings back loads of useful looking
resources.
> 3.)What firewall should i use ... IPFW or IPF ? Im not going to be doing
> NAT, just basic firewalling, but i need it to be secure. Which is the easist
> to learn etc.
IPFW - it provides dummynet to satisfy 2) above.
...
> 5.)Setting up quotas for each user. Saying X is allowed 10meg while Y is
> allowed 50meg etc.
FreeBSD provides a disk quota mechanism - check the documentation in the
handbook at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/quotas.html
It should be enough to get you started.
Dan
--
Daniel Bye
PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
_
ASCII ribbon campaign ( )
- against HTML, vCards and X
- proprietary attachments in e-mail / \
More information about the freebsd-questions
mailing list