Date: Mon, 17 May 2004 14:24:29 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: Frankye - ML <listsucker@ipv5.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Multi-User Security
Message-ID: <Pine.GSO.4.58.0405171421030.28573@mail.ilrt.bris.ac.uk>
In-Reply-To: <20040517151016.7b83fbe9@godzilla>
References: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch> <20040517151016.7b83fbe9@godzilla>

On Mon, 17 May 2004, Frankye - ML wrote:

> On Mon, 17 May 2004 14:08:40 +0200 (CEST)
> "David E. Meier" <dev@eth0.ch> wrote:
>
> | We would like to offer to some customers of ours some sort of network
> | backup/archive. They would put daily or weekly backups from their local
> | machine on our server using rsync and SSH. Therefore, they all have a
> | user account on our server. However, we must ensure that they would
> | absolutely not be able to access any data of each other at all.
>
> Just my 2 cents: I've found very useful some shells that permit just some
> subset of commands, for example shells/scponly, sysutils/bksh or
> sendmail's smrsh.
>
> Since you're using ssh you might also find useful the command= statement
> in .ssh/authorized_keys

However, if you are using rsync or some other complex endpoint on the
server, you are also reliant on that having no way to subvert its
protocol or operation from the client side. "command=" settings in the
ssh config are a good starting point, but for defense in depth you
probably want careful control of filesystem access, be it through a jail
or some other mechanism.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
Not as randy or clumsom as a blaster.
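
Added example, not part of the original message and not code from any of the projects it names: a forced-command wrapper of the kind "command=" makes possible, accepting only the server side of an rsync upload into a relative path. The script name backup-gate, its install path, the /backup/<login> layout and the key entry are assumptions. It narrows what reaches rsync, while the filesystem confinement the message asks for remains a separate layer.

```sh
#!/bin/sh
# backup-gate: forced command for an upload-only rsync account (added example).
# Per-key entry in ~/.ssh/authorized_keys; key and comment are placeholders:
#   command="/usr/local/libexec/backup-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> customer1
# The install path and the /backup/<login> layout are assumptions.
BACKUP_ROOT=${BACKUP_ROOT:-/backup}

# Succeeds only for "rsync --server <flags> . <relative-dest>" as an rsync
# client sends it when pushing files; everything else is refused.
rsync_upload_allowed() {
    set -f                      # never glob-expand client-supplied text
    set -- $1                   # split into words exactly as the exec below will
    [ "$#" -ge 4 ] && [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    for w in "$@"; do
        case $w in
            --sender) return 1 ;;                  # no reading data back out
            /*|*=/*|*..*) return 1 ;;              # no absolute paths, no ".."
            *[!A-Za-z0-9._/=,@-]*) return 1 ;;     # no unexpected characters
        esac
        dest=$w                                    # last word is the destination
    done
    case $dest in
        -*) return 1 ;;                            # destination must not be an option
    esac
}

gate_main() {
    if ! rsync_upload_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        echo "backup-gate: command refused" >&2
        return 1
    fi
    cd "$BACKUP_ROOT/$(id -un)" || return 1
    set -f
    exec $SSH_ORIGINAL_COMMAND  # word-split only, never passed to eval or sh -c
}

# Act only when sshd runs this file as the forced command.
case ${0##*/} in
    backup-gate) gate_main ;;
esac
```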