From owner-freebsd-security@FreeBSD.ORG  Mon May 17 06:10:36 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3FAE416A4CE
	for <freebsd-security@freebsd.org>;
	Mon, 17 May 2004 06:10:36 -0700 (PDT)
Received: from mail.xensia.net (colo1.xensia.net [217.158.173.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 60FA343D5A
	for <freebsd-security@freebsd.org>;
	Mon, 17 May 2004 06:10:35 -0700 (PDT)
	(envelope-from listsucker@ipv5.net)
Received: from 81-174-5-192.f5.ngi.it ([81.174.5.192] helo=godzilla)
	by mail.xensia.net with asmtp (TLSv1:DES-CBC3-SHA:168)
	id 1BPht3-000An0-00; Mon, 17 May 2004 14:10:33 +0100
Date: Mon, 17 May 2004 15:10:16 +0200
From: Frankye - ML <listsucker@ipv5.net>
To: freebsd-security@freebsd.org
Message-Id: <20040517151016.7b83fbe9@godzilla>
In-Reply-To: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch>
References: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch>
X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10; i386-portbld-freebsd4.10)
X-Face: =3I@Jvohf91[b8M]~KUNFaCt}pnTO2K^E#_P4`uCU]D"pHw<vv.g[XV?Zpoi"<2\iSqtx8mg!7,l,"Fw+yCvy[a&<$zz=zGwFX0d4QIxc-e}"VNP-/=W`*P4mM2tYl;s"b=.dOsO3?zC==4G}GWr7-EZxIcVm^6snu=b<'A_g?!)eS~JFGthz?vhiuiFfkl!M?T}m-D*=R
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: Multi-User Security
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 May 2004 13:10:36 -0000

On Mon, 17 May 2004 14:08:40 +0200 (CEST)
"David E. Meier" <dev@eth0.ch> wrote:

| We would like to offer to some customers of ours some sort of network
| backup/archive. They would put daily or weekly backups from their local
| machine on our server using rsync and SSH. Therefore, they all have a
| user account on our server. However, we must ensure that they would
| absolutely not be able to access any data of each other at all.

Just my 2 cents: I've found very useful some shells that permits just some
subset of commands, for example shells/scponly, sysutils/bksh or
sendmail's smrsh.

Since you're using ssh you might also find useful the command= statement
in .ssh/authorized_keys

HTH

Frankye