Date: Sun, 27 May 2001 03:01:05 -0400 From: Isaac Mushinsky <itz@mushinsky.net> To: "freebsd-questions" <freebsd-questions@freebsd.org> Subject: Fwd: Re: Advice on ISP services Please. Message-ID: <01052703010507.14903@omsk.mushinsky.net>
next in thread | raw e-mail | index | archive | help
> - How to restrict the access of FTP to only the specified directory of = the > user. And that they can not see other users directories. You can set security to tight, and I think users then cannot list other t= han their home directories. Or there are ftpd options, I think, to define ftp privileges. > - How to implement quotas with FTP so users only can have a limit on sp= ace. look at man quota. FTP or no, it sets max size of user's home directories= via /etc/quota.user or quota.group > - How to avoid users have access to telnet services. Here are some options: 1) just turn telnet off. Comment the line "telnet" in inetd.conf and rest= art inetd. If you really want a secure environment, you can't allow any nonencrypted telnet at all. Use ssh instead 2) If you want no shell acces for them at all put shell as /sbin/nologin = in /etc/passwd for these users. They can still be allowed ftp. 3) If for some reason you still need some telnet service, forbid those us= ers you want to restrict to have remote login in /etc/login.access > - How to avoid that a script of a user can consume lot of resources and > could crash the machine. 4) It really shouldn't crash the machine. If a user process eats a lot of resources, renice it. It is allso possible to setpriority/renice on user processes. Look at man nice. > Mail servers are run on other machine as well as DNS. > What other important points am I missing? Get a good box with a lot of RAM, etc. Have a backup box, etc. Well, it's= all obvious. Good luck ------------------------------------------------------- ------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01052703010507.14903>