SSH drop boxes - Limiting users to the one directory?
sgoldman
sgoldman-DPNOqEs/LNQ at public.gmane.org
Mon Jun 18 11:10:22 EDT 2007
Hello Blu,
My customer asked for a Linux box to share data to his customers. I am in the process of doing testing.
The idea is each user will have a ssh drop box on a SUSE 10 machine.
The structure would be:
/datastore/sales permissions 700
/datastore/shipping permissions 700
/datastore/support permissions 700
I create a group called "remote" and all of the users are in this group.
The passwd file has been modified so when the users log in they go directly into their respective drop boxes.
They cannot access each other's directories.
They will be given a GUI-based ssh client with a Windows flavor.
The issue I have is that these users can modify the path to download files. They can download any system files they wish - don't ask me why - other has r-x access.
This is the only function of the box.
They will not own any file outside the directory.
The default group is users - they do not have access - they are in remote.
They can access "other"
I changed the permissions on /etc as root to 750 and it appears now to block access to the directory.
Is there a downside to this approach? Is there another way of doing this?
I'm just checking in.
Thanks,
Stephen
Stephen Goldman
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org
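
The permission-class logic behind the behaviour described in the message, as an added example that is not part of the original post: an account is matched against owner, then group, then "other", and only that one triplet applies. The uids, gids, drop-box ownership and the inode table are constructed assumptions.

```python
# Added example: constructed inode table, not taken from a real host.
# Assumptions: uids 1001/1002, gid 500 for "remote", root-owned /etc.
DIR, FILE = 0o040000, 0o100000

def make_tree(etc_mode):
    """path -> (owner uid, owner gid, mode) with /etc set to etc_mode."""
    return {
        "/": (0, 0, DIR | 0o755),
        "/etc": (0, 0, DIR | etc_mode),
        "/etc/passwd": (0, 0, FILE | 0o644),
        "/datastore": (0, 0, DIR | 0o755),
        "/datastore/sales": (1001, 500, DIR | 0o700),
        "/datastore/shipping": (1002, 500, DIR | 0o700),
    }

def class_bits(entry, uid, gids):
    """Pick exactly one rwx triplet: owner, else group, else other."""
    owner, group, mode = entry
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_read(tree, path, uid, gids):
    """True if uid may search every parent directory and read the target."""
    if uid == 0:                      # root bypasses these checks
        return True
    if not class_bits(tree["/"], uid, gids) & 1:
        return False
    parent = ""
    for part in path.strip("/").split("/")[:-1]:
        parent += "/" + part
        if not class_bits(tree[parent], uid, gids) & 1:   # need x on each dir
            return False
    return bool(class_bits(tree[path], uid, gids) & 4)    # need r on target

if __name__ == "__main__":
    sales = (1001, {500})             # drop-box user, member of "remote"
    daemon = (30, {8})                # hypothetical unprivileged service account
    for etc_mode in (0o755, 0o750):
        tree = make_tree(etc_mode)
        for name, (uid, gids) in (("sales", sales), ("daemon", daemon)):
            for path in ("/datastore/sales", "/datastore/shipping", "/etc/passwd"):
                print(oct(etc_mode), name, path, can_read(tree, path, uid, gids))
```

With /etc at 750 the check on /etc/passwd fails for every non-root account in the table, not only for the drop-box users.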