Permissions on /etc and other folders
I plan on allowing certain users to have ssh access to my server. I am going to configure an ssh jail for them, but to have extra security, which directories are safe to chmod to x00?
I doubt that I can chmod /etc/ to x00, but any other directories? Thanks Also, what should I use to chroot a user into his/her home directory of /home/sshusers/<user>. I need them to be able to follow symlinks |
To understand better, could you indicate what business these users have on the server? I mean is this like a regular shell hosting job, is it part of webhosting, are they developers or system admins? And what distribution+release would the machine run?
|
I am a web developer, and I host all of my clients. Some of them wish to have shell access for developing and testing cgi applications, and editing files securely if they don't have access to FTP.
I am running CentOS 5.3 |
Well, there's restricted shells like Rssh (http://www.cyberciti.biz/tips/rhel-c...ell.html/print), "oldschool" chrooting (http://wiki.linuxquestions.org/wiki/OpenSSH_chrooting) which requires patching OpenSSH and OpenSSH-5 acquired the "ChrootDirectory" directive in 2008 allowing you to chroot users without intervention from other software. Unfortunately that version of OpenSSH is not in 5.3 repo's I know of (I don't use EPEL, CentOSPlus or Singh's repo so do check). With a .spec from a current OpenSSH .src.rpm I think building that version would be easy or apparently recent Fedora RPM could be rebuilt in Centos.
|
All times are GMT -5. The time now is 09:48 AM. |