
BLU Discuss list archive



Fw: SSH drop boxes - Limiting users to the one directory?



Stephen Goldman 
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org 

----- Original Message ----- 
From: sgoldman 
To: discuss-mNDKBlG2WHs at public.gmane.org 
Sent: Monday, June 18, 2007 11:40 AM
Subject: Fw: SSH drop boxes - Limiting users to the one directory?



Sent: Monday, June 18, 2007 11:10 AM
Subject: SSH drop boxes - Limiting users to the one directory?


Hello Blu,

My customer asked for a Linux box to share data to his customers. I am in the process of doing testing.

The idea is each user will have a ssh drop box on a SUSE 10 machine.

The structure would be:

    /datastore/sales          permissions 700
    /datastore/shipping       permissions 700
    /datastore/support        permissions 700

I created a group called "remote" and all of the users are in this group -
The passwd file has been modified so when the users log in they go directly into their respective drop boxes.

They cannot access each other's directories -

They will be given a GUI-based ssh client with a Windows flavor -

The issue I have is that these users can modify the path to download files. They can download any system files they wish - don't ask me why - other has r-x access.

This is the only function of the box.

They will not own any file outside the directory -
The default group is users - they do not have access - they are in remote -
They can access "other"

I changed the permissions on /etc as root to 750 and it appears now to block access to the directory -

Is there a downside to this approach - is there another way of doing this?

I'm just checking in -

Thanks,
Stephen


            



Stephen Goldman 
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org 
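
An added example, not part of the original message: a shell audit over a constructed temp tree that mirrors the layout in the post. It lists drop boxes that are not mode 700 and the files an account matching only the "other" bits can fetch, before and after the 750 change on etc. The function names and sample files are assumptions made for the example.

```sh
#!/bin/sh
# Added example. Everything lives in a constructed temp tree that mimics the
# layout in the post; the real /etc and /datastore are never touched.

# Drop-box directories directly under $1 whose mode is not exactly 700.
loose_dropboxes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -perm 700 | sort
}

# Files under $1 that an account matching only the "other" bits can fetch by
# typing a path: the file needs o+r (004) and every directory on the way down
# needs o+x (001). Directories without o+x are pruned, contents and all.
other_reachable() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print | sort
}

# Build the constructed sample tree and print its root.
build_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" "$root/datastore/sales" \
             "$root/datastore/shipping" "$root/datastore/support"
    echo sample > "$root/etc/passwd"
    echo sample > "$root/etc/shadow"
    echo sample > "$root/datastore/sales/order.txt"
    chmod 644 "$root/etc/passwd" "$root/datastore/sales/order.txt"
    chmod 640 "$root/etc/shadow"
    chmod 755 "$root" "$root/etc" "$root/datastore"
    chmod 700 "$root/datastore/sales" "$root/datastore/shipping"
    chmod 755 "$root/datastore/support"   # constructed mistake for the audit
    echo "$root"
}

demo() {
    r=$(build_sample) || return 1
    echo "drop boxes not at 700:";        loose_dropboxes "$r/datastore"
    echo "reachable with etc at 755:";    other_reachable "$r"
    chmod 750 "$r/etc"                    # the change described in the post
    echo "reachable with etc at 750:";    other_reachable "$r"
    rm -rf "$r"
}
demo
```

The check reads mode bits only, so it gives the same answer whether it is run as root or as an ordinary account.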







