Re: Multi-User Security

From: Jan Grant (Jan.Grant_at_bristol.ac.uk)
Date: 05/17/04

    Date: Mon, 17 May 2004 14:24:29 +0100 (BST)
    To: Frankye - ML <listsucker@ipv5.net>
    
    

    On Mon, 17 May 2004, Frankye - ML wrote:

    > On Mon, 17 May 2004 14:08:40 +0200 (CEST)
    > "David E. Meier" <dev@eth0.ch> wrote:
    >
    > | We would like to offer to some customers of ours some sort of network
    > | backup/archive. They would put daily or weekly backups from their local
    > | machine on our server using rsync and SSH. Therefore, they all have a
    > | user account on our server. However, we must ensure that they would
    > | absolutely not be able to access any data of each other at all.
    >
    > Just my 2 cents: I've found very useful some shells that permit just some
    > subset of commands, for example shells/scponly, sysutils/bksh or
    > sendmail's smrsh.
    >
    > Since you're using ssh you might also find useful the command= statement
    > in .ssh/authorized_keys

    However, if you are using rsync or some other complex endpoint on the
    server, you are also reliant on that having no way to subvert its
    protocol or operation from the client side. "command=" settings in the
    ssh config are a good starting point, but for defense in depth you
    probably want careful control of filesystem access, be it through a jail
    or some other mechanism.

    -- 
    jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
    Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
    Not as randy or clumsom as a blaster.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
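
An added example, not part of the original message or thread: a forced-command wrapper that a "command=" entry in authorized_keys could point to, checking SSH_ORIGINAL_COMMAND before it starts the rsync receiver. The install path, the per-customer `backups` directory and the allowed long options are assumptions; the wrapper only limits what gets launched, so the filesystem controls mentioned in the message are still needed.

```sh
#!/bin/sh
# Added example: forced-command wrapper for a push-only rsync backup key.
# Hypothetical authorized_keys entry (one line, key material elided):
#   command="/usr/local/libexec/backup-only",no-pty,no-port-forwarding,
#   no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... customer1
LC_ALL=C; export LC_ALL

# Return 0 only for "rsync --server <options> . <relative-dest>" in receive mode.
check_rsync_command() {
    set -f                      # word-split only, never glob-expand
    set -- $1
    set +f
    [ "$#" -ge 4 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ "$#" -gt 2 ]; do
        case $1 in
            *[!A-Za-z0-9.,-]*) return 1 ;;        # unexpected characters
            --delete|--partial|--numeric-ids) ;;  # assumed allow-list
            --*) return 1 ;;                      # --sender, --*-dir=, ...
            -?*) ;;                               # short-option cluster
            *) return 1 ;;                        # stray non-option word
        esac
        shift
    done
    [ "$1" = . ] || return 1
    case $2 in
        *[!A-Za-z0-9._/-]*) return 1 ;;           # shell metacharacters
    esac
    case /$2/ in
        //*|*/../*|/-*) return 1 ;;               # absolute, "..", or option-like
    esac
    return 0
}

# Entry point when sshd runs this file as the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    check_rsync_command "$SSH_ORIGINAL_COMMAND" || {
        echo "backup-only: command rejected" >&2
        exit 1
    }
    cd "$HOME/backups" || exit 1    # hypothetical per-customer directory
    set -f
    exec $SSH_ORIGINAL_COMMAND
fi
```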
    
