[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH access restrictions

* Rudi Starcevic schrieb am 19.10.03 um 04:30 Uhr:
> Thanks Marc,
> Thanks also to Russel.
> > I did it with pam_chroot which is really nice
> Great - I'll start looking here.
> Currently we only really offer FTP access but would like
> to include SSH access too.
> I know with the right permissions a user account cannot do
> any damage but I would just like to prevent these people from
> snooping around.
> I want to allow users to be able to SSH in and use things
> like Postgresql, mysql and cron but not read /etc/passwd or 
> /etc/mail/virtusertable etc. etc.


additionally you may want to use the grsecurity Kernelpatch which
makes chroot() environments a lot more secure. Without this patch it
is not too difficult to break out of a chroot.


BUGS My programs  never  have  bugs.  They  just  develop  random
     features.  If you discover such a feature and you want it to
     be removed: please send an email to bug at links2linux.de 

Reply to: