Re: Minimizing shell access on my VPS
On Sat, Jan 18, 2014 at 6:23 PM, Aubrey Raech <aubrey@raech.net> wrote:
> Hey debian-user list--
>
> I have a friend in another country who only uses Windows, and I wanted
> to show him a programming project I've been working on. This program
> only runs on GNU/Linux as of now, and is accessed through the terminal.
Cool, an excuse to get him to load MinGW or CygWin!
> My first thought is that this isn't a problem; I have a VPS running
> Debian wheezy. I could set up a user account for my friend and he could
> log in with Putty via ssh and run the program per my instructions.
Oh. Well, that might work, too. chroot the new user account, of
course. Or just make sure his user account is not a member of any
other user account's group.
> The problem arises in that I don't necessarily trust that he won't go
> snooping. For example, I'd prefer if he not have access to the system
> outside of his home folder (apart of course from the binaries necessary
> to run my program and things like his shell and related functions).
> I've run this...
>
> # chmod o-x /home/aubrey
You don't do that anyway?
> ...so that he can't access at least my personal things, but honestly I'd
> prefer he only really be able to run the one program.
Is he some sort of poweruser? I mean, if he's running only MSWindows,
why would he know what to do even if he lucked onto some of the more
obvious commands.
> Is there some
> other method for doing this that's eluding me? Or are there other
> tips/tricks for significantly locking down somebody's login shell on a
> system?
>
> Just thought I'd pick the brains of the debian-user list and see what I
> can come up with! ;)
>
> Thanks,
> --Aubrey
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
Reply to: