Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 02-13-2005, 03:03 PM   #1
Registered: Oct 2003
Location: Singapore
Distribution: debian
Posts: 162

Rep: Reputation: 30
Shell Provider


With limited knowledge of mine, i'm planning to offer free shell services like or to my school for local user access on 10.x.x.x.

I'm wondering how can I make sure there arent shell people who will misuse the system and read my /etc/passwd /etc/shadow passwords?

How do i place permission limitations on their account?


Last edited by nistelrooy; 02-13-2005 at 03:04 PM.
Old 02-13-2005, 04:20 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Re: Shell Provider

I'm wondering how can I make sure there arent shell people who will misuse the system and read my /etc/passwd /etc/shadow passwords?
Don't give shell accounts to sketchy people that you don't know or who live farther away than you can drive with a baseball bat

Running a shell server is a little different than running other types of servers. Since everyone already has user level access, preventing local root exploits or other types of privilege escalation attacks is going to be extremely important, as will locking down file permissions that are a liitle too relaxed on a standard linux distro. Definitely look into kernel hardening with something like the openwall patches or grsecurity. Make sure to incorporate some form of stack protection like PaX or Exec Shield as well. For locking down the standard linux file permissions (DAC) take a look at bastille Linux or you can go with an alternate form of access control entirely and switch to a MAC system (like that used by LIDS) or RBAC or RSBAC systems.

How do i place permission limitations on their account?
For creating restricted shell environments, you can use something like rbash or preferably a chroot jail. There are several guides and projects specifically devoted to chroot jails that you can find in unSpawn's Security references thread. Chroot jails aren't a perfect solution, so hardening the rest of the system is an absolute necessity. Also remember that the less tools you give the shell users, the less things they have available to try and break. The same applies to the overall system itself, the less applications and daemons the better. Obviously general security measures like keeping up with security patches is going to be extremely important as well.

Last edited by Capt_Caveman; 02-13-2005 at 04:21 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Multiple provider gateway netboy Linux - Networking 1 11-21-2005 06:55 PM
My provider does not allow me to route the trafic??? sys7em Linux - Networking 1 11-03-2004 05:43 PM
What's your internet provider ? jhemono General 33 05-21-2004 05:59 AM
Internet service provider miebro Linux - Software 12 11-16-2003 02:13 PM
Being my own provider, Finally thanks to linux Satriani Member Success Stories 1 05-29-2003 10:14 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:47 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration