[plug] Re: restricting user access
Chris Watt
something.rotten at gmail.com
Thu May 5 12:40:04 WST 2005
Had a talk to Greg (Pegasus Admin) and he says that he only locks
users into their home directory via the FTP server. This still locks
you into your home directory when you log directly into pegasus (via
ssh, etc.). I'm not 100% sure how he does it.
Sorry I wasn't of much use.
On 5/5/05, Daniel Axtens <danielax at gmail.com> wrote:
> If you do need to provide shell functionality, I suggest busybox
> (busybox.net). IIRC it provides all your favourite shell commands,
> like ls/cd/etc, in one binary.
>
> HTH,
> Daniel
>
> On 5/4/05, Jon Miller <jlmiller at mmtnetworks.com.au> wrote:
> > Thanks I would appreciate it.
> >
> > Jon
> >
> > >>> something.rotten at gmail.com 7:26:23 pm 4/05/2005 >>>
> > I'll have to check but on Pegasus I believe we chroot into our home
> > directories and the same style thing when we vnc or ftp in, ftp gives
> > home and vnc gives you a screen as though your logged in to, say, a
> > winxp machine (without the security holes)
> >
> > i can check on it if you'd like...we may have a few docvs about it too
> >
> > On 5/4/05, Jon Miller <jlmiller at mmtnetworks.com.au> wrote:
> > > No it'll have to be chroot, because we do not want the user to be able to see any other file other than whats in their home directory. They are not allowed to cd to any other location.
> > >
> > > I'll have a read on chroot.
> > >
> > > Thanks
> > >
> > > >>> danielax at gmail.com 5:20:40 pm 4/05/2005 >>>
> > > Restrict in what way?
> > > If you want to prevent users from modifying[1] any files that are not
> > > in their home directory, or reading others files, then you need to set
> > > restrictive permissions - for example, the users' home directories
> > > should probably have 700 (or rwx------) as their permissions, and
> > > permissions elsewhere should be locked down.
> > >
> > > If you want to prevent users from even seeing anything else: if you
> > > want them to think that they are at ther root of the filesystem, you
> > > might want to look into chroot. Unfortunatly, this can get
> > > complicated, as they then need, for example, their own shell if they
> > > are going to log in interactively.
> > >
> > > If I've misunderstood you, please let me know.
> > >
> > > HTH,
> > > Daniel
> > >
> > > [1] Users still need to be able to access /usr, for example, as they
> > > need shells/programs/etc.
> > >
> > > On 5/4/05, Jon Miller <jlmiller at mmtnetworks.com.au> wrote:
> > > > Like to know how to restrict a users access to just the directory they are
> > > > assigned to. This is on a Debian server.
> > > >
> > > >
> > > > Thanks
> > > >
> > > > _______________________________________________
> > > > PLUG discussion list: plug at plug.org.au
> > > > http://www.plug.org.au/mailman/listinfo/plug
> > > > Committee e-mail: committee at plug.linux.org.au
> > > >
> > >
> > > --
> > > Neuronstorm: neuronstorm.sourceforge.net
> > > The Neuronstorm Blog: leinad-golb.blogspot.com
> > > _______________________________________________
> > > PLUG discussion list: plug at plug.org.au
> > > http://www.plug.org.au/mailman/listinfo/plug
> > > Committee e-mail: committee at plug.linux.org.au
> > >
> > >
> > > _______________________________________________
> > > PLUG discussion list: plug at plug.org.au
> > > http://www.plug.org.au/mailman/listinfo/plug
> > > Committee e-mail: committee at plug.linux.org.au
> > >
> > >
> > >
> > >
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://www.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.linux.org.au
> >
> >
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://www.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.linux.org.au
> >
> >
> >
> >
>
> --
> Neuronstorm: neuronstorm.sourceforge.net
> The Neuronstorm Blog: leinad-golb.blogspot.com
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
More information about the plug
mailing list