 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Thanks John,
I missed the chatter..
Stephen
Stephen Goldman
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org
----- Original Message -----
From: "sgoldman" <sgoldman-DPNOqEs/LNQ at public.gmane.org>
To: <discuss-mNDKBlG2WHs at public.gmane.org>
Sent: Monday, June 18, 2007 11:10 AM
Subject: SSH drop boxes - Limiting users to the one directory?
Hello Blu,
My customer asked for a Linux box to share data to his
customers. I am in the process doing testing.
The idea is each user will have a ssh drop box on a SUSE 10
machine.
The structure would be :
/datastore/sales permissions 700
/datastore/shipping permissions 700
/datastore/support permissions 700
I create a group called "remote" and all of the users are in this
group-
The passwd file has been modified so when the users log in they
go directly into their repective drop boxes.
They can not access each other directory -
They will be give a GUI based ssh client with windows favor-
The issue I have is that these users can modify the path to
download files. They can download any system files they
wish - don't ask me why - other has r -x access.
This is the only function of the box.
They will not own any file outside the directory-
The default group is users - they do not have access - they are
in remote-
They can access "other"
I changed the permissions on /etc as root to 750 and it appears
now to block access to the directory-
Is there a downside to this approach - it there another way to
doing this ?
I just checking in -
Thanks,
Stephen
Stephen Goldman
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Discuss mailing list
Discuss-mNDKBlG2WHs at public.gmane.org
http://lists.blu.org/mailman/listinfo/discuss
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
