
Re: Help needed with server setup at work



On Mon, 23 Apr 2007 13:52:58 -0400
Greg Folkert <greg@gregfolkert.net> wrote:

> On Mon, 2007-04-23 at 19:39 +0200, Rico Secada wrote:
> > On Mon, 23 Apr 2007 11:26:42 -0400
> > Greg Folkert <greg@gregfolkert.net> wrote:
> > > > About the union thing I first thought of somehow union mounting all the
> > > > different home directories on a single machine which then serves as
> > > > the access point, but I am afraid if that particular machine crashes,
> > > > then no one can get to their files. 
> > > > 
> > > > Good ideas and experiences are greatly appreciated! 
> > > 
> > > Look up sshfs (or shfs as it is commonly known) it is completely at the
> > > whim of the user. They use an existing well known, well vetted daemon
> > > (openssh-server) and in a local environment (meaning no slow links) with
> > > 100Mbit/sec, I get nearly line speed transfer rates (100Mbit/sec ==
> > > 11MByte/sec).
> > > 
> > > Though you will need to beef up end user knowledge about strong
> > > passwords and key-auth only authentication, it'll more than make up for
> > > the traveling or remote user.
> > > 
> > > I can say that sshfs is probably the single best thing I've seen come
> > > along in a long time. Mainly because, if you already have established
> > > good SSH practices, there is really no additional server-side setup you
> > > need to use.
> > 
> > Thank you very much for your reply Greg. This is a very good solution
> > but it does provide one obstacle since users do not have SSH access to
> > the servers. If I were to use this solution I somehow need to jail
> > the users to their home directories. As far as I know it's not possible
> > with SSH. 
> 
> Why would you need to jail them?
> 
> With properly set up homedirs (chmod 0700) nothing needs to be worried
> about as far as seeing other people's stuff. And as long as they are only
> users, no other groups besides their own group. There is no need to
> worry. For example:
> 
> 	username: joe UID=1110 GID=1110
> 
> No other membership in any additional group. Only can see his stuff
> period.
> 
> In fact, it is better than nfs or cifs in regards to security. EVERYTHING
> is in userland and only allows them access to their own stuff on the
> server... even IF they ssh in.

Thank you very much for your replies Greg!

What about them poking around on the server setup? If they ssh in, they can poke around, but does this pose a risk? Them looking around in /etc or perhaps other places. And again, what commands can they use in this situation?

> -- 
> greg, greg@gregfolkert.net
> 
> Novell's Directory Services is a competitive product to Microsoft's
> Active Directory in much the same way that the Saturn V is a competitive
> product to those dinky little model rockets that kids light off down at
> the playfield. -- Thane Walkup
> 
-- 
Best and kind regards
Rico Secada
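
An audit of the two conditions described in the quoted reply above (home directories at mode 0700, no group membership beyond the user's own group), as an added example that is not part of the original messages. The function name `audit_homes`, the UID floor of 1000, the skipped UID 65534 and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report accounts that break either
# condition the reply relies on.
# Usage: audit_homes PASSWD_FILE GROUP_FILE [MIN_UID]
#   e.g. audit_homes /etc/passwd /etc/group
# Prints one finding per line; prints nothing when every account passes.
audit_homes() {
    passwd_file=$1
    group_file=$2
    min_uid=${3:-1000}   # assumption: ordinary users start at UID 1000

    # passwd fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r name pw uid gid gecos home shell; do
        # Skip malformed lines, system accounts and "nobody" (assumed 65534).
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge "$min_uid" ] || continue
        [ "$uid" -ne 65534 ] || continue

        # Condition 1: the home directory is exactly mode 700.
        # stat -c is the GNU coreutils form (assumption: a GNU/Linux host).
        if [ -d "$home" ]; then
            mode=$(stat -c %a "$home")
            [ "$mode" = 700 ] || echo "$name: home $home is mode $mode, expected 700"
        else
            echo "$name: home $home is missing"
        fi

        # Condition 2: no membership in any group other than the primary one.
        # group fields: name:password:gid:member,member,...
        awk -F: -v u="$name" -v g="$gid" '
            $3 != g {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] == u) print u ": extra group " $1
            }' "$group_file"
    done < "$passwd_file"
}
```

An extra group matters because any file or directory readable by that group is visible to the user regardless of how their own home directory is set.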


