Re: Multi-User Security

From: Dan Rue (drue_at_therub.org)
Date: 05/18/04

  • Next message: Remko Lodder: "RE: [Freebsd-security] Re: Multi-User Security"
    Date: Tue, 18 May 2004 11:05:17 -0500
    To: "David E. Meier" <dev@eth0.ch>
    
    

    On Mon, May 17, 2004 at 02:08:40PM +0200, David E. Meier wrote:
    > Hello list.
    >
    > I would like to get your opinion on what is a safe multi-user environment.
    > The scenario:
    >
    > We would like to offer to some customers of ours some sort of network
    > backup/archive. They would put daily or weekly backups from their local
    > machine on our server using rsync and SSH. Therefore, they all have a user
    > account on our server. However, we must ensure that they would absolutely
    > not be able to access any data of each other at all.
    >
    > What is the "best and safest" way to do so? Regular UNIX permission
    > settings? File system ACL's? User jails? Restricting commands in their
    > path environment? Or would it even make sense to encrypt the file system?
    > How would some of the solutions affect data backups/restore on our side?

    You generally would like to avoid giving people shell (ssh) access if
    you can avoid it. If you must give shell access, it is best to set up a
    jail.

    However, if you're just doing backup/file access - shell access isn't
    necessary. You can do ftps, (ports/ftp/bsdftpd-ssl), and easily use
    that to chroot users. You can do sftp (without ssh shell access), but
    that's trickier to set up.

    One popular solution these days is WebDAV. You use it along with
    apache, run it over https, and users can access their files with IE or
    other clients.

    dan
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Remko Lodder: "RE: [Freebsd-security] Re: Multi-User Security"