Date:      Sat, 12 Apr 2003 01:38:22 +0100
From:      Daniel Bye <dan@slightlystrange.org>
To:        questions@freebsd.org
Subject:   Re: Chrooting SSH
Message-ID:  <20030412003821.GB21606@catflap.home.slightlystrange.org>
In-Reply-To: <PPECLBJKHADMJKGPJMEFEEPFCCAA.ian@cerebellum.za.net>
References:  <PPECLBJKHADMJKGPJMEFEEPFCCAA.ian@cerebellum.za.net>

On Fri, Apr 11, 2003 at 11:37:32PM +0200, Ian Barnes wrote:
> Hi,
> 
> I have a few questions for the brains around.
> 
> 1.) I am going to set up a shell server. I want to CHRoot the users, and
> allow them access to certain programs only. There will be different levels
> on the server, so I want to be able to control what level user can use what
> program (WOW!).

chrootssh was mentioned on the list a couple of days ago.  It may be what
you need:

http://chrootssh.sourceforge.net

There are several ways you could set up the different "levels" of access -
using traditional UNIX groups is maybe the easiest, or you could really take
advantage of chrootssh's capabilities, and build multiple chroot
environments.  This is a lot more work though.

You might even consider using jail(8), if you have enough IP addresses.

> 2.) I also want to implement bandwidth management, please point me in the
> right direction to finding a good tutorial on how to do this.

Dummynet is your friend.  The ipfw(8) man page should get you started, or
try googling - even a one-word search brings back loads of useful looking
resources.

> 3.) What firewall should I use ... IPFW or IPF? I'm not going to be doing
> NAT, just basic firewalling, but I need it to be secure. Which is the easiest
> to learn etc.

IPFW - it provides dummynet to satisfy 2) above.

...

> 5.) Setting up quotas for each user. Saying X is allowed 10meg while Y is
> allowed 50meg etc.

FreeBSD provides a disk quota mechanism - check the documentation in the
handbook at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/quotas.html
It should be enough to get you started.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \


