From: Daniel Bye
Reply-To: dan@slightlystrange.org
To: questions@freebsd.org
Date: Sat, 12 Apr 2003 01:38:22 +0100
Subject: Re: Chrooting SSH
Message-ID: <20030412003821.GB21606@catflap.home.slightlystrange.org>

On Fri, Apr 11, 2003 at 11:37:32PM +0200, Ian Barnes wrote:
> Hi,
>
> I have a few questions for the brains around.
>
> 1.) I am going to set up a shell server. I want to CHRoot the users, and
> allow them access to certain programs only. There will be different levels
> on the server, so I want to be able to control what level user can use what
> program (WOW!).

chrootssh was mentioned on the list a couple of days ago. It may be what
you need:

http://chrootssh.sourceforge.net

There are several ways you could set up the different "levels" of access -
using traditional UNIX groups is maybe the easiest, or you could really
take advantage of chrootssh's capabilities, and build multiple chroot
environments. This is a lot more work though. You might even consider
using jail(8), if you have enough IP addresses.

> 2.) I also want to implement bandwidth management, please point me in the
> right direction to finding a good tutorial on how to do this.

Dummynet is your friend. The ipfw(8) man page should get you started, or
try googling - even a one-word search brings back loads of useful-looking
resources.

> 3.) What firewall should I use ... IPFW or IPF? I'm not going to be doing
> NAT, just basic firewalling, but I need it to be secure. Which is the
> easiest to learn etc.

IPFW - it provides dummynet to satisfy 2) above.

...

> 5.) Setting up quotas for each user. Saying X is allowed 10meg while Y is
> allowed 50meg etc.

FreeBSD provides a disk quota mechanism - check the documentation in the
handbook at

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/quotas.html

It should be enough to get you started.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \