Fw: SSH drop boxes - Limiting users to the one directory?

sgoldman sgoldman-DPNOqEs/LNQ at public.gmane.org
Mon Jun 18 11:40:37 EDT 2007


Sent: Monday, June 18, 2007 11:10 AM
Subject: SSH drop boxes - Limiting users to the one directory?


Hello Blu,

My customer asked for a Linux box to share data with his customers. I am in the process of doing testing.

The idea is each user will have an ssh drop box on a SUSE 10 machine.

The structure would be:

    /datastore/sales          permissions 700
    /datastore/shipping       permissions 700
    /datastore/support        permissions 700

I created a group called "remote" and all of the users are in this group.
The passwd file has been modified so when the users log in they go directly into their respective drop boxes.

They cannot access each other's directories.

They will be given a GUI-based ssh client with a Windows flavor.

The issue I have is that these users can modify the path to download files. They can download any system files they wish - don't ask me why - other has r-x access.

This is the only function of the box.

They will not own any file outside the directory.
The default group is users - they do not have access - they are in remote.
They can access "other".

I changed the permissions on /etc as root to 750 and it appears now to block access to the directory.

Is there a downside to this approach - is there another way of doing this?

I'm just checking in.

Thanks,
Stephen

Stephen Goldman 
System Administrator
MIT Biology
sgoldman-3s7WtUTddSA at public.gmane.org 
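
The permission behaviour described in the message above, as an added example that is not part of the original post: a small model of how classic Unix mode bits select the owner, group or other class on each path component, run for the drop-box layout with /etc at 755 and at 750. The uid/gid numbers, the owners of each path, the file `report.txt` and the modes other than 700 and 750 are assumptions made for the illustration.

```python
# Added illustration: classic Unix mode-bit checks (no ACLs, no root override).
# All uids, gids, owners and report.txt are constructed; only the modes
# 700 (drop boxes) and 750 (/etc after the change) come from the message.
R, W, X = 4, 2, 1
SALES, SHIPPING, REMOTE = 1001, 1002, 2000   # hypothetical uid/gid values

def allowed(mode, owner, group, uid, gids, want):
    """Pick exactly one class (owner, else group, else other) and test its bits."""
    if uid == owner:
        bits = (mode >> 6) & 7
    elif group in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def can_read(tree, path, uid, gids):
    """Reading a file needs x on every parent directory and r on the file."""
    parts = path.strip("/").split("/")
    parents = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    for d in parents:
        mode, owner, group = tree[d]
        if not allowed(mode, owner, group, uid, gids, X):
            return False
    mode, owner, group = tree[path]
    return allowed(mode, owner, group, uid, gids, R)

def build_tree(etc_mode):
    """path -> (mode, owner uid, group gid); root is uid 0 / gid 0."""
    return {
        "/": (0o755, 0, 0),
        "/etc": (etc_mode, 0, 0),
        "/etc/passwd": (0o644, 0, 0),          # assumed default mode
        "/datastore": (0o755, 0, 0),           # assumed
        "/datastore/sales": (0o700, SALES, REMOTE),
        "/datastore/sales/report.txt": (0o600, SALES, REMOTE),
    }

if __name__ == "__main__":
    for etc_mode in (0o755, 0o750):
        tree = build_tree(etc_mode)
        print(f"/etc mode {etc_mode:o}:")
        for name, uid in (("sales", SALES), ("shipping", SHIPPING)):
            for path in ("/etc/passwd", "/datastore/sales/report.txt"):
                ok = can_read(tree, path, uid, {REMOTE})
                print(f"  {name:9s} read {path}: {'yes' if ok else 'no'}")
```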
