From owner-freebsd-questions@FreeBSD.ORG  Tue Sep 16 05:46:40 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 437431065673
	for <freebsd-questions@freebsd.org>;
	Tue, 16 Sep 2008 05:46:40 +0000 (UTC)
	(envelope-from cyberleo@cyberleo.net)
Received: from mtumishi.cyberleo.net (mtumishi.cyberleo.net [69.72.129.14])
	by mx1.freebsd.org (Postfix) with ESMTP id 1D2DF8FC1D
	for <freebsd-questions@freebsd.org>;
	Tue, 16 Sep 2008 05:46:40 +0000 (UTC)
	(envelope-from cyberleo@cyberleo.net)
Received: from [172.16.44.14] (adsl-75-4-161-142.dsl.emhril.sbcglobal.net
	[75.4.161.142])
	by mtumishi.cyberleo.net (Postfix) with ESMTPSA id E313811474;
	Tue, 16 Sep 2008 01:46:38 -0400 (EDT)
Message-ID: <48CF483C.1020000@cyberleo.net>
Date: Tue, 16 Sep 2008 00:46:36 -0500
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
User-Agent: Thunderbird 2.0.0.16 (X11/20080726)
MIME-Version: 1.0
To: Ted Mittelstaedt <tedm@toybox.placo.com>
References: <BMEDLGAENEKCJFGODFOCOEOHCFAA.tedm@toybox.placo.com>
In-Reply-To: <BMEDLGAENEKCJFGODFOCOEOHCFAA.tedm@toybox.placo.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: Yury Michurin <yury.michurin@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Being a shell provider - good business?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Sep 2008 05:46:40 -0000

Ted Mittelstaedt wrote:
> But getting back to the discussion - the OP's friend seemed like
> he -wanted- to get involved in some rather Bad People.

I'm not entirely sure, but I can't find anyone in this thread whose
actually talked with the OP's friend other than the OP themselves, who
seems to be biased against the idea in the first place. I'm not sure how
such an assertion can be safely made under the circumstances.

Personally, I've always been looking for ways to secure the shell
service I provide, for things such as webspace file transfer and
MUCK/MUD gameserver hosting. I dislike providing FTP to people, as it's
so insecure and firewall-unfriendly, but chrooting SSH/SFTP in a
suitable manner is something I've never been able to successfully complete.

I had something going with Busybox on a test linux box, but alas,
compilation fails horribly on FreeBSD for reasons not adequately explored.

So, for now, I stick with judicious use of UID-based firewall rules,
careful application of unix file permissions, the
security.bsd.see_other_uids sysctl, and knowing personally each person I
host, so I can personally deal with them if they venture into
not-so-nice territory.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/