
BLU Discuss list archive



BLU EMAIL WORKING- THANKS JOHN! issue resolved



Thanks John,
I missed the chatter.
Stephen





Stephen Goldman
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org

----- Original Message ----- 
From: "sgoldman" <sgoldman-DPNOqEs/LNQ at public.gmane.org>
To: <discuss-mNDKBlG2WHs at public.gmane.org>
Sent: Monday, June 18, 2007 11:10 AM
Subject: SSH drop boxes - Limiting users to the one directory?


Hello Blu,

My customer asked for a Linux box to share data to his customers. I am in the process of doing testing.

The idea is that each user will have an SSH drop box on a SUSE 10 machine.

The structure would be:

    /datastore/sales          permissions 700
    /datastore/shipping       permissions 700
    /datastore/support        permissions 700

I created a group called "remote" and all of the users are in this group.

The passwd file has been modified so that when the users log in they go directly into their respective drop boxes.

They cannot access each other's directories.

They will be given a GUI-based SSH client with a Windows flavor.

The issue I have is that these users can modify the path to download files. They can download any system files they wish - don't ask me why - other has r-x access.

This is the only function of the box.

They will not own any file outside the directory.
The default group is users - they do not have access - they are in remote.
They can access "other".

I changed the permissions on /etc as root to 750 and it appears now to block access to the directory.

Is there a downside to this approach - is there another way of doing this?

I'm just checking in.

Thanks,
Stephen






Stephen Goldman
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss-mNDKBlG2WHs at public.gmane.org
http://lists.blu.org/mailman/listinfo/discuss


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
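The permission behaviour described in the original message can be audited with a short script. This is an added example, not part of the thread: it lists which files the "other" permission class can still read, and shows that removing o+x from a directory cuts off everything beneath it. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Files under ROOT that the "other" class can read: the file needs o+r (004)
# and every directory from ROOT down to it needs o+x (001).
# Directories above ROOT are not checked.
reachable_by_other() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print | sort
}

# Directories under ROOT that cut "other" off from everything below them.
blocking_dirs() {
    find "$1" -type d ! -perm -001 -print -prune | sort
}

# Constructed sample tree standing in for the box in the post
# (a stand-in for /etc and one drop box; file contents are dummies).
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ssh" "$root/datastore/sales"
    echo "sample" > "$root/etc/passwd"
    echo "sample" > "$root/etc/ssh/sshd_config"
    echo "sample" > "$root/datastore/sales/report.txt"
    chmod 755 "$root" "$root/etc" "$root/etc/ssh" "$root/datastore"
    chmod 644 "$root/etc/passwd" "$root/etc/ssh/sshd_config" \
              "$root/datastore/sales/report.txt"
    chmod 700 "$root/datastore/sales"   # drop box: owner only
    echo "$root"
}

demo() {
    tree=$(build_sample_tree) || return 1
    echo "Readable by other with etc at 755:"
    reachable_by_other "$tree"
    chmod 750 "$tree/etc"               # the change described in the post
    echo "Readable by other with etc at 750:"
    reachable_by_other "$tree"
    echo "Directories blocking other:"
    blocking_dirs "$tree"
    rm -rf "$tree"
}

demo
```

Run against a real root such as `/` (as root, so `find` itself is not blocked), `reachable_by_other` shows what a drop-box account outside the owning user and group could still download.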







BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org