From: Isaac Mushinsky
To: freebsd-questions@freebsd.org
Subject: Fwd: Re: Advice on ISP services Please.
Date: Sun, 27 May 2001 02:54:57 -0400

---------- Forwarded Message ----------
Subject: Re: Advice on ISP services Please.
Date: Sun, 27 May 2001 02:50:16 -0400
From: Isaac Mushinsky
To: Jorge Biquez

> - How to restrict the access of FTP to only the specified directory of the
> user. And that they can not see other users directories.

You can set security to tight, and I think users then cannot list other than
their home directories. Or there are ftpd options, I think, to define ftp
privileges.

> - How to implement quotas with FTP so users only can have a limit on space.

Look at man quota. FTP or no, it sets max size of user's home directories via
/etc/quota.user or quota.group

> - How to avoid users have access to telnet services.

Here are some options:

1) Just turn telnet off. Comment the line "telnet" in inetd.conf and restart
   inetd. If you really want a secure environment, you can't allow any
   nonencrypted telnet at all. Use ssh instead.
2) If you want no shell access for them at all, put shell as /sbin/nologin in
   /etc/passwd for these users. They can still be allowed ftp.
3) If for some reason you still need some telnet service, forbid those users
   you want to restrict to have remote login in /etc/login.access

> - How to avoid that a script of a user can consume lot of resources and
> could crash the machine.

4) It really shouldn't crash the machine. If a user process eats a lot of
   resources, renice it. It is also possible to setpriority/renice on user
   processes. Look at man nice.

> Mail servers are run on other machine as well as DNS.
> What other important points am I missing?

Get a good box with a lot of RAM, etc. Have a backup box, etc. Well, it's all
obvious.

Good luck
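
The telnet and nologin settings from options 1) and 2) of the reply above can be checked with a short script. This is an added example, not part of the original message; the function names, the sample file contents and the users alice and bob are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the telnet and nologin settings on constructed files.

# Exit 0 if inetd.conf ($1) has an active (uncommented) telnet line.
telnet_enabled() {
    awk '$1 == "telnet" { found = 1 } END { exit !found }' "$1"
}

# Print each named user whose shell in the passwd file ($1) is not /sbin/nologin.
shell_capable() {
    pw=$1; shift
    for name in "$@"; do
        awk -F: -v u="$name" '$1 == u && $7 != "/sbin/nologin" { print $1 }' "$pw"
    done
}

# audit <inetd.conf> <passwd> <ftp-only user>...; returns 1 if anything fails.
audit() {
    conf=$1; pwfile=$2; shift 2
    rc=0
    if telnet_enabled "$conf"; then
        echo "FAIL: telnet is enabled in $conf"; rc=1
    fi
    for name in $(shell_capable "$pwfile" "$@"); do
        echo "FAIL: $name can still get a login shell"; rc=1
    done
    return $rc
}

# Write constructed sample files (telnet still on, bob still has /bin/sh) into $1.
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root  /usr/libexec/rshd     rshd
EOF
    cat > "$1/passwd" <<'EOF'
alice:*:1001:1001:Alice (constructed):/home/alice:/sbin/nologin
bob:*:1002:1002:Bob (constructed):/home/bob:/bin/sh
EOF
}

# Demo on the constructed files; on a real host pass /etc/inetd.conf and /etc/passwd.
demo=$(mktemp -d)
write_samples "$demo"
audit "$demo/inetd.conf" "$demo/passwd" alice bob || echo "audit found problems"
rm -rf "$demo"
```
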