Date:      Sat, 26 May 2001 23:26:46 -0600 (MDT)
From:      "Forrest W. Christian" <forrestc@imach.com>
To:        Jorge Biquez <jbiquez@icsmx.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Advice on ISP services Please.
Message-ID:  <Pine.BSF.4.21.0105262317280.12299-100000@workhorse.iMach.com>
In-Reply-To: <5.0.2.1.2.20010526221708.02912720@icsmx.com>

On Sat, 26 May 2001, Jorge Biquez wrote:

> - How to restrict the access of FTP to only the specified directory of the
> user, so that they cannot see other users' directories.

List the user in /etc/ftpchroot (see man ftpd)

> - How to implement quotas with FTP so users only can have a limit on space.

Just use standard FreeBSD quotas.  man quota, quotaon, edquota, etc. etc.,
plus configuration options in /etc/rc.conf (as described in
/etc/defaults/rc.conf)

> - How to keep users from having access to telnet services.

Set shell as something listed in /etc/shells but not a valid shell.  I
believe /usr/bin/true is commonly used for this.... (You may have to edit
/etc/shells)

> - How to avoid a user's script consuming a lot of resources and
> possibly crashing the machine.

Avoid scripts altogether, OR, do something else.

Scripts are a pain.  You essentially bypass almost all of your security if
you permit user-provided scripts.  There isn't a really good way to handle
them. 

If this is a must, then look at the Apache stuff to set the uid running
the script to the user.  A script can still look at about everything on
the machine.

You may want to force user directories to be owned by the same group as
the web server runs as, and set the permissions on directories to 770.
Have the users in a different group.  That way, only the web server and
the user can read the directory.  

Did I mention scripts are a pain?

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.                              P.O. Box 5749
http://www.imach.com/                                Helena, MT  59604
Home of PacketFlux Technologies and BackupDNS.com       (406)-442-6648
----------------------------------------------------------------------
      Protect your personal freedoms - visit http://www.lp.org/
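
One way to check accounts against the account-level advice in the message above (an /etc/ftpchroot entry, a shell that is listed in /etc/shells, and a non-login shell). This is an added example, not part of the original e-mail; the function name audit_accounts, the uid >= 1000 cutoff for customer accounts and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit hosting accounts for: ftpchroot entry, shell listed in the shells
# file, and the non-login shell the message suggests (/usr/bin/true).
# Assumption (not from the message): customer accounts have uid >= 1000.
NOLOGIN_SHELL=${NOLOGIN_SHELL:-/usr/bin/true}

# audit_accounts PASSWD FTPCHROOT SHELLS -> prints one "user: finding" per line
audit_accounts() {
    awk -F: -v chroot="$2" -v shells="$3" -v nologin="$NOLOGIN_SHELL" '
        BEGIN {
            # ftpchroot: first word of each line is a user name. @group lines
            # are stored too but never match a user name, so they are ignored.
            while ((getline line < chroot) > 0) {
                sub(/#.*/, "", line)
                if (split(line, w, " ") > 0) jailed[w[1]] = 1
            }
            # shells file: one path per line, comments start with "#"
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                if (split(line, w, " ") > 0) listed[w[1]] = 1
            }
        }
        /^#/ || NF < 7 || $3 < 1000 { next }   # skip comments and system accounts
        !($1 in jailed) { print $1 ": not in ftpchroot, FTP is not confined to home" }
        !($7 in listed) { print $1 ": shell " $7 " not in shells file, ftpd will refuse login" }
        $7 != nologin   { print $1 ": shell " $7 " is not " nologin ", telnet login may be possible" }
    ' "$1"
}

# Constructed sample data. On a live system the arguments would be
# /etc/passwd, /etc/ftpchroot and /etc/shells.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Customer A:/home/alice:/usr/bin/true
bob:*:1002:1002:Customer B:/home/bob:/bin/sh
carol:*:1003:1003:Customer C:/home/carol:/usr/local/bin/bash
EOF
    printf 'alice\ncarol\n' > "$d/ftpchroot"
    printf '# constructed\n/bin/sh\n/bin/csh\n/usr/bin/true\n' > "$d/shells"
    audit_accounts "$d/passwd" "$d/ftpchroot" "$d/shells"
    rm -rf "$d"
}
demo
```

The directory ownership and 770 mode from the message are not checked here, since that needs the live filesystem and the web server's group name.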

