From owner-freebsd-security@FreeBSD.ORG Mon May 17 05:08:42 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F30B16A4CE for ; Mon, 17 May 2004 05:08:42 -0700 (PDT)
Received: from serv03.inetworx.ch (serv03.inetworx.ch [212.254.227.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id F0CEC43D5E for ; Mon, 17 May 2004 05:08:41 -0700 (PDT) (envelope-from dev@eth0.ch)
Received: from localhost (localhost.localdomain [127.0.0.1]) by serv03.inetworx.ch (Postfix) with ESMTP id 8D7D8252D6D for ; Mon, 17 May 2004 14:08:40 +0200 (CEST)
Received: from serv03.inetworx.ch ([127.0.0.1]) by localhost (serv03.inetworx.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 19997-03-2 for ; Mon, 17 May 2004 14:08:40 +0200 (CEST)
Received: from serv04.inetworx.ch (serv04.inetworx.ch [212.254.227.197]) by serv03.inetworx.ch (Postfix) with SMTP id 5F0EF252D63 for ; Mon, 17 May 2004 14:08:40 +0200 (CEST)
Received: from 217.162.71.141 (SquirrelMail authenticated user dev.eth0) by serv04.inetworx.ch with HTTP; Mon, 17 May 2004 14:08:40 +0200 (CEST)
Message-ID: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch>
Date: Mon, 17 May 2004 14:08:40 +0200 (CEST)
From: "David E. Meier"
To: freebsd-security@freebsd.org
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
X-Virus-Scanned: by amavisd-new at inetworx.ch
Subject: Multi-User Security
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 17 May 2004 12:08:42 -0000

Hello list. I would like to get your opinion on what is a safe multi-user environment.
The scenario: We would like to offer some of our customers some sort of network backup/archive. They would put daily or weekly backups from their local machines on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be able to access any of each other's data at all. What is the "best and safest" way to do so? Regular UNIX permission settings? File system ACLs? User jails? Restricting commands in their path environment? Or would it even make sense to encrypt the file system? How would some of the solutions affect data backups/restores on our side?

Any comment on this is welcome. Thanks.

Dave.