[Freebsd-security] Re: Multi-User Security
Dan Rue
drue at therub.org
Wed May 19 20:30:40 PDT 2004
*Cough *Cough,
On Tue, May 18, 2004 at 06:08:52PM +0200, Remko Lodder wrote:
> Ahem,
>
> D> You generally would like to avoid giving people shell (ssh) access if
> D> you can avoid it. If you must give shell access, it is best to set up a
> D> jail.
>
> D> However, if you're just doing backup/file access - shell access isn't
> D> necessary. You can do ftps, (ports/ftp/bsdftpd-ssl), and easily use
> D> that to chroot users. You can do sftp (without ssh shell access), but
> D> that's trickier to set up.
>
> real tricky :-> scponly-3.8_1|/usr/ports/shells/scponly|/usr/local|A tiny
> shell that only permits scp and
> sftp|/usr/ports/shells/scponly/pkg-descr|rushani at FreeBSD.org|shells|||http:/
> /www.sublimation.org/scponly/
> But not that hard.... ;-)
You obviously havn't tried to chroot scponly users.. _that's_ the tricky
part. Especially if you want it to scale up beyond a handful of users.
If i'm wrong - fill me in i'd love to hear how to do it.
Dan
More information about the freebsd-security
mailing list