
Re: Help needed with server setup at work



On Mon, 2007-04-23 at 19:39 +0200, Rico Secada wrote:
> On Mon, 23 Apr 2007 11:26:42 -0400
> Greg Folkert <greg@gregfolkert.net> wrote:
> > > About the union thing I first thought of somehow union mounting all the
> > > different home directories on a single machine which then serves as
> > > the access point, but I am afraid if that particular machine crashes,
> > > then no one can get to their files. 
> > > 
> > > Good ideas and experiences are greatly appreciated! 
> > 
> > Look up sshfs (or shfs as it is commonly known); it is completely at the
> > whim of the user. They use an existing well known, well vetted daemon
> > (openssh-server) and in a local environment (meaning no slow links) with
> > 100Mbit/sec, I get nearly line speed transfer rates (100Mbit/sec ==
> > 11MByte/sec).
> > 
> > Though you will need to beef up end user knowledge about strong
> > passwords and key-auth only authentication, it'll more than make up for
> > the traveling or remote user.
> > 
> > I can say that sshfs is probably the single best thing I've seen come
> > along in a long time. Mainly because, if you already have established
> > good SSH practices, there is really no additional server-side setup you
> > need to use.
> 
> Thank you very much for your reply Greg. This is a very good solution
> but it does provide one obstacle since users do not have SSH access to
> the servers. If I were to use this solution I somehow need to jail
> the users to their home directories. As far as I know it's not possible
> with SSH. 

Why would you need to jail them?

With properly set up homedirs (chmod 0700) nothing needs to be worried
about as far as seeing other people's stuff. And as long as they are only
users, with no other groups besides their own group, there is no need to
worry. For example:

	username: joe UID=1110 GID=1110

No other membership in any additional group. He can only see his stuff,
period.

In fact, it is better than nfs or cifs in regards to security. EVERYTHING
is in userland and only allows them access to their own stuff on the
server... even IF they ssh in.
-- 
greg, greg@gregfolkert.net

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup

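An added example, not part of the thread above: a small audit script for the two conditions Greg's reasoning depends on (home directory owned by the user and mode 0700, and no supplementary group membership). It assumes GNU stat and a group file in /etc/group format; the users, paths and groups in it are constructed fixtures.

```shell
#!/bin/sh
# Added example, not from the original thread: audit the two conditions that
# let ssh/sshfs users reach only their own files on the server:
#   1. the home directory is owned by the user and is mode exactly 0700, and
#   2. the user belongs to no supplementary group (only their primary group).
# Assumes GNU stat (-c) and an /etc/group-format file. All users, paths and
# groups below are constructed fixtures, not real accounts.

# home_mode_ok DIR UID: succeed only if DIR is owned by UID with mode 0700
home_mode_ok() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || return 1
    st=$(stat -c '%u %a' "$dir" 2>/dev/null) || return 1
    uid=${st% *}; mode=${st#* }
    if [ "$uid" = "$want_uid" ] && [ "$mode" = "700" ]; then return 0; fi
    return 1
}

# supplementary_groups GROUPFILE USER: print each group listing USER as a member
supplementary_groups() {
    awk -F: -v u="$2" '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$1"
}

# audit_user GROUPFILE HOMEDIR USER UID: report every violation, fail if any
audit_user() {
    gf=$1; home=$2; user=$3; uid=$4; rc=0
    if ! home_mode_ok "$home" "$uid"; then
        echo "$user: $home must be owned by uid $uid and be mode 0700"; rc=1
    fi
    extra=$(supplementary_groups "$gf" "$user")
    if [ -n "$extra" ]; then
        echo "$user: remove from supplementary group(s): $(echo "$extra" | tr '\n' ' ')"; rc=1
    fi
    return $rc
}

# make_fixture: build a constructed home tree and group file, print its root
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/home/joe" "$root/home/sam"
    chmod 0700 "$root/home/joe"   # joe follows the advice in the message
    chmod 0755 "$root/home/sam"   # sam's home is readable by everyone
    printf 'joe:x:1110:\nsam:x:1111:\nstaff:x:50:sam,root\n' > "$root/group"
    echo "$root"
}

root=$(make_fixture)
audit_user "$root/group" "$root/home/joe" joe "$(id -u)" && echo "joe: OK"
audit_user "$root/group" "$root/home/sam" sam "$(id -u)" || echo "sam: FAIL"
rm -rf "$root"
```

Against real accounts, feed it the UID from /etc/passwd and the live /etc/group instead of the fixture.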