Date: Thu, 10 Apr 2003 21:57:27 +0100 (BST)
From: William Palfreman <william@palfreman.com>
To: Ian Barnes <ian@cerebellum.za.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Shell Server
Message-ID: <20030410213146.N40826@ndhn.yna.cnyserzna.pbz>
In-Reply-To: <PPECLBJKHADMJKGPJMEFEEKNCCAA.ian@cerebellum.za.net>
References: <PPECLBJKHADMJKGPJMEFEEKNCCAA.ian@cerebellum.za.net>

On Thu, 10 Apr 2003, Ian Barnes wrote:

> Hi,
>
> I am looking at setting up a shell server. This server will host shells for
> various people.
>
> What I would like to know is how I could chroot the users to their own dirs
> and only allow certain users to use certain programs. What is the easiest
> way of giving them certain space on the server and a domainname.com/~user
> web site? What would be the best way of doing this?? Would it be best to
> use ssh? Something else I haven't thought about with regards to security???

I know people do chroot users to their own dirs, but I don't because I think it degrades the user experience. You could set up a jail system, but I don't tend to bother, because it interferes with the ability of users to work on common files, and it wastes disk space IMO.

If I were you, I would use ssh normal logins, and treat the machine as basically sacrificial. What I would be tempted to do is have the webserver on another machine and use an NFS to store their www stuff, either from the webserver or even from another storage orientated server altogether. Then if worst comes to the worst they can damage each other's data, but not affect the actual webserver.

You might find you still have to give them unencrypted FTP access, in which case someone sniffing passwords is quite likely, and being rooted is also more likely. With your users' data elsewhere, if/when that happens you can do a nice reinstall without real loss.

-- 
W. Palfreman.           I'm looking for a job. Read my CV at:
Tel: 0771 355 0354      www.palfreman.com/william/cv-wfp2.html