Re: [Freebsd-security] Re: Multi-User Security

*Cough *Cough, 

On Tue, May 18, 2004 at 06:08:52PM +0200, Remko Lodder wrote:
> Ahem,
> 
> D> You generally would like to avoid giving people shell (ssh) access if
> D> you can avoid it.  If you must give shell access, it is best to set up a
> D> jail.
> 
> D> However, if you're just doing backup/file access - shell access isn't
> D> necessary.  You can do ftps, (ports/ftp/bsdftpd-ssl), and easily use
> D> that to chroot users.  You can do sftp (without ssh shell access), but
> D> that's trickier to set up.
> 
> real tricky :-> scponly-3.8_1|/usr/ports/shells/scponly|/usr/local|A tiny
> shell that only permits scp and
> sftp|/usr/ports/shells/scponly/pkg-descr|rushani@FreeBSD.org|shells|||http:/
> /www.sublimation.org/scponly/
> But not that hard.... ;-)

You obviously havn't tried to chroot scponly users.. _that's_ the tricky
part.  Especially if you want it to scale up beyond a handful of users.
If i'm wrong - fill me in i'd love to hear how to do it.

Dan
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"