Date: Sat, 12 Apr 2003 01:38:22 +0100 From: Daniel Bye <dan@slightlystrange.org> To: questions@freebsd.org Subject: Re: Chrooting SSH Message-ID: <20030412003821.GB21606@catflap.home.slightlystrange.org> In-Reply-To: <PPECLBJKHADMJKGPJMEFEEPFCCAA.ian@cerebellum.za.net> References: <PPECLBJKHADMJKGPJMEFEEPFCCAA.ian@cerebellum.za.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 11, 2003 at 11:37:32PM +0200, Ian Barnes wrote: > Hi, > > I have a few questions for the brains around. > > 1.)I am going to set up a shell server. I want to CHRoot the users, and > allow them access to certain programs only. There will be different levels > on the server, so i want to be able to control what level user can use what > program (WOW!). chrootssh was mentioned on the list a couple of days ago. It may be what you need: http://chrootssh.sourceforge.net There are several ways you could set up the different "levels" of access - using traditional UNIX groups is maybe the easiest, or you could really take advantage of chrootssh's caabilities, and build multiple chroot environments. This is a lot more work though. You might even consider using jail(8), if you have enough IP addresses. > 2.)I also want to implement bandwidth management, please point me in the > right direction to finding a good tutorial on how to do this. Dummynet is your friend. The ipfw(8) man page should get you started, or try googling - even a one-word search brings back loads of useful looking resources. > 3.)What firewall should i use ... IPFW or IPF ? Im not going to be doing > NAT, just basic firewalling, but i need it to be secure. Which is the easist > to learn etc. IPFW - it provides dummynet to satisfy 2) above. ... > 5.)Setting up quotas for each user. Saying X is allowed 10meg while Y is > allowed 50meg etc. FreeBSD provides a disk quota mechanism - check the documentation in the handbook at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/quotas.html It should be enough to get you started. Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030412003821.GB21606>