Re: Multi-User Security

From: Jan Grant (
Date: 05/17/04

  • Next message: Richard Coleman: "Re: Multi-User Security"
    Date: Mon, 17 May 2004 14:24:29 +0100 (BST)
    To: Frankye - ML <>

    On Mon, 17 May 2004, Frankye - ML wrote:

    > On Mon, 17 May 2004 14:08:40 +0200 (CEST)
    > "David E. Meier" <> wrote:
    > | We would like to offer to some customers of ours some sort of network
    > | backup/archive. They would put daily or weekly backups from their local
    > | machine on our server using rsync and SSH. Therefore, they all have a
    > | user account on our server. However, we must ensure that they would
    > | absolutely not be able to access any data of each other at all.
    > Just my 2 cents: I've found very useful some shells that permits just some
    > subset of commands, for example shells/scponly, sysutils/bksh or
    > sendmail's smrsh.
    > Since you're using ssh you might also find useful the command= statement
    > in .ssh/authorized_keys

    However, if you are using rsync or some other complex endpoint on the
    server, you are also reliant on that having no way to subvert its
    protocol or operation from the client side. "command=" settings in the
    ssh config are a good starting point, but for defense in depth you
    probably want careful control of filesystem access, be it through a jail
    or some other mechanism.

    jan grant, ILRT, University of Bristol.
    Tel +44(0)117 9287088 Fax +44 (0)117 9287112
    Not as randy or clumsom as a blaster.
    _______________________________________________ mailing list
    To unsubscribe, send any mail to ""

  • Next message: Richard Coleman: "Re: Multi-User Security"