
[NMLUG] restricted user security problem -- help?



havoc wrote:
> so, I have a user whom I need to give access to upload files to the 
> server, BUT
>  - I turn off FTP by default
>  - I default to ssh (scp) for file transfers
>  - the Rackspace KnowledgeBase suggests rbash -- what a joke!
>  - user must be able to put files into subdirectories.
>  - because of potentially sensitive information, I do not want user to 
> be able to access (or read) any of the other 755 /home directories.
> 
> any ideas?
> 
> jody

I have a similar situation. I have been trying to figure out how to configure a server to do virtual web hosting and let users upload to their web site, but not browse the whole system.

The best (most secure) way I have found is using usermode Linux.
http://user-mode-linux.sourceforge.net/
But that seems to be way overkill for users that are probably mostly trustworthy.

I suspect chrooting the user to their home directory in their login script may be the way to go. I think scponly will do this but I have not had time to check it out.

scponly home page.
http://www.sublimation.org/scponly/

You might also try a web search on "chroot login"

Let us know how you resolve this.

Mars

-- 
=============================================================
J. Marsden DeLapp, PE
President
DeLapp & Associates, Inc. dba DeLapp Engineering
Providing lighting and power planning, design and analysis services
for commercial, industrial and large residential facilities.
1300 Luisa St Ste 23
Santa Fe NM 87505
(505) 983-5557
http://DeLapp.com
=============================================================



