Date: Mon, 9 May 2011 21:50:48 +0400
From: Peter Vereshagin <peter@vereshagin.org>
To: freebsd-questions@freebsd.org
Subject: Re: restricted ssh shell for ruby on rails hosting ? (rake, git, etc.)
Message-ID: <20110509175048.GA8326@external.screwed.box>
In-Reply-To: <1304953326.6473.37.camel@ompc.insign>
References: <1304953326.6473.37.camel@ompc.insign>

Nobody knows that you're in for that, freebsd-questions!
2011/05/09 17:02:06 +0200 Olivier Mueller <om-lists-bsd@omx.ch> => To FreeBSD Questions :

OM> but one of the thing I would like to prevent is for example accessing
OM> some files like /etc/passwd (= listing all other customers domains in
OM> this specific case).

I learned about the chroot option for some new flavor of sshd recently; probably
the chroot dir is capable of being assigned per user. With proper nullfs plugging
of software features like binaries, libs and cron variables into every such
directory for every such user, this should do the trick.

OM> Other things would be:
OM> - prevent the launch of daemons (-> screen, irssi, bots, etc.) -> ?

This particular one should be achieved by means of the time-related ulimit
capabilities in login.conf(5)? If it is about ports to listen on, the restrictions
should be made via mac(3) to restrict the certain system call, e.g., listen(),
for particular system instances, e.g., users?

73! Peter
pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627)
--
http://vereshagin.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110509175048.GA8326>
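
An added example, not part of the original message: a sketch of the per-user sshd chroot with nullfs mounts and login.conf(5) limits that the reply above describes. The user name `alice`, the group and login class `railshosting`, the `/jails` path and the limit values are assumptions chosen for illustration.

```conf
# ---- /etc/ssh/sshd_config (fragment) ----
# Per-user chroot: %u expands to the login name, so each customer lands in
# a separate tree. sshd refuses the login unless every component of the
# ChrootDirectory path is owned by root and not group/world-writable.
Match Group railshosting
    ChrootDirectory /jails/%u
    AllowTcpForwarding no
    X11Forwarding no

# ---- /etc/fstab (fragment, repeated per user; shown for "alice") ----
# Read-only nullfs views of the base system and ports tree, so the shell,
# ruby, rake and git resolve inside the chroot without copying binaries.
/bin         /jails/alice/bin         nullfs  ro  0  0
/lib         /jails/alice/lib         nullfs  ro  0  0
/libexec     /jails/alice/libexec     nullfs  ro  0  0
/usr/bin     /jails/alice/usr/bin     nullfs  ro  0  0
/usr/lib     /jails/alice/usr/lib     nullfs  ro  0  0
/usr/local   /jails/alice/usr/local   nullfs  ro  0  0
# Only the customer's own home is writable inside the chroot.
/home/alice  /jails/alice/home/alice  nullfs  rw  0  0
# A shell needs device nodes such as /dev/null and /dev/tty.
devfs        /jails/alice/dev         devfs   rw  0  0
# /jails/alice/etc is deliberately NOT a nullfs mount of /etc: it is a
# real directory holding a minimal password database with only alice in
# it, so reading /etc/passwd inside the chroot does not list other
# customers.

# ---- /etc/login.conf (fragment) ----
# Resource limits for the hosting class. cputime is CPU time consumed per
# process, not wall-clock time, so it stops busy runaway processes but an
# idle long-running process (e.g. an IRC client) accumulates it slowly.
railshosting:\
	:cputime=5m:\
	:maxproc=30:\
	:tc=default:
# After editing: cap_mkdb /etc/login.conf
# Assign the class to a user: pw usermod alice -L railshosting
```

After changing sshd_config, validate it with `sshd -t` before reloading the daemon, and confirm from a test login that `/etc/passwd` inside the chroot shows only the one account.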