Date: Tue, 16 Sep 2008 17:27:53 +0100 From: Vincent Hoffman <vince@unsane.co.uk> To: CyberLeo Kitsana <cyberleo@cyberleo.net> Cc: freebsd-questions@freebsd.org Subject: Re: Being a shell provider - good business? Message-ID: <48CFDE89.2020409@unsane.co.uk> In-Reply-To: <48CF483C.1020000@cyberleo.net> References: <BMEDLGAENEKCJFGODFOCOEOHCFAA.tedm@toybox.placo.com> <48CF483C.1020000@cyberleo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
CyberLeo Kitsana wrote: > Ted Mittelstaedt wrote: > >> But getting back to the discussion - the OP's friend seemed like >> he -wanted- to get involved in some rather Bad People. >> > > I'm not entirely sure, but I can't find anyone in this thread whose > actually talked with the OP's friend other than the OP themselves, who > seems to be biased against the idea in the first place. I'm not sure how > such an assertion can be safely made under the circumstances. > > Personally, I've always been looking for ways to secure the shell > service I provide, for things such as webspace file transfer and > MUCK/MUD gameserver hosting. I dislike providing FTP to people, as it's > so insecure and firewall-unfriendly, but chrooting SSH/SFTP in a > suitable manner is something I've never been able to successfully complete. > > I had something going with Busybox on a test linux box, but alas, > compilation fails horribly on FreeBSD for reasons not adequately explored. > there was some work at getting busybox working for freebsd, see http://info.iet.unipi.it/~luigi/FreeBSD/ > So, for now, I stick with judicious use of UID-based firewall rules, > careful application of unix file permissions, the > security.bsd.see_other_uids sysctl, and knowing personally each person I > host, so I can personally deal with them if they venture into > not-so-nice territory. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48CFDE89.2020409>