From: Richard Coleman
Organization: Critical Magic, Inc.
Date: Mon, 17 May 2004 09:56:57 -0400
To: "David E. Meier"
Cc: freebsd-security@freebsd.org
Subject: Re: Multi-User Security
Message-ID: <40A8C4A9.2000705@mindspring.com>
In-Reply-To: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch>

David E. Meier wrote:
> Hello list.
>
> I would like to get your opinion on what is a safe multi-user environment.
> The scenario:
>
> We would like to offer to some customers of ours some sort of network
> backup/archive. They would put daily or weekly backups from their local
> machine on our server using rsync and SSH. Therefore, they all have a user
> account on our server. However, we must ensure that they would absolutely
> not be able to access any data of each other at all.
>
> What is the "best and safest" way to do so? Regular UNIX permission
> settings? File system ACLs? User jails? Restricting commands in their
> path environment? Or would it even make sense to encrypt the file system?
> How would some of the solutions affect data backups/restore on our side?
>
> Any comment on this is welcome. Thanks. Dave.

Using a chroot or a jail is the way to go if possible. If you can't use
that, then Unix permissions or ACLs are the next bet. Restricting commands
is the most fragile solution since in many cases it can be subverted.
Encrypting the data is also useful if you have the horsepower.

Richard Coleman
richardcoleman@mindspring.com
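One way to put the chroot-plus-Unix-permissions approach recommended above into practice, as an added example that is not part of the thread: a POSIX sh script that emits an OpenSSH Match block per customer account and checks the directory permissions sshd requires before it will honour ChrootDirectory (a feature OpenSSH gained after this 2004 exchange). It assumes chroot roots under /backup, a data subdirectory per customer, and that an rsync binary with its libraries has been copied into each chroot; all of these are assumptions, not details from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: isolate per-customer rsync-over-SSH
# backup accounts with an OpenSSH chroot plus ordinary Unix permissions.
# Assumptions: chroot roots live under $BACKUP_ROOT, each customer writes
# to $BACKUP_ROOT/<user>/data, and rsync plus its libraries have been
# copied into each chroot so the rsync server side can run inside it.

BACKUP_ROOT=/backup

# Print the sshd_config Match block for one customer.  ChrootDirectory
# keeps the account inside its own tree; the other options switch off
# SSH features a backup job never needs.
match_block() {
    user=$1
    cat <<EOF
Match User $user
    ChrootDirectory $BACKUP_ROOT/$user
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
    PasswordAuthentication no
EOF
}

# sshd refuses a chroot root that is group- or world-writable (it must
# also be owned by root; ownership is not checked here because the test
# harness cannot chown).  Returns 0 if the write bits are acceptable.
chroot_root_ok() {
    perm=$(ls -ld "$1" | cut -c1-10)
    gw=$(printf '%s' "$perm" | cut -c6)
    ow=$(printf '%s' "$perm" | cut -c9)
    [ "$gw" = "-" ] && [ "$ow" = "-" ]
}

# The customer's data directory must be exactly 0700 so no other account
# on the server can list or read it, chroot or not.
data_dir_ok() {
    perm=$(ls -ld "$1" | cut -c1-10)
    [ "$perm" = "drwx------" ]
}

# Create the skeleton for one customer and verify it.  In real use run
# as root and chown "$BACKUP_ROOT/$user/data" to the customer account.
setup_customer() {
    user=$1
    mkdir -p "$BACKUP_ROOT/$user/data"
    chmod 755 "$BACKUP_ROOT/$user"        # root-owned, read-only for the user
    chmod 700 "$BACKUP_ROOT/$user/data"   # the customer's private area
    chroot_root_ok "$BACKUP_ROOT/$user" && data_dir_ok "$BACKUP_ROOT/$user/data"
}
```

Run `setup_customer alice && match_block alice >> /etc/ssh/sshd_config` as root for each customer, then reload sshd.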