From owner-freebsd-questions@FreeBSD.ORG Tue Sep 16 16:27:58 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BB034106566C for ; Tue, 16 Sep 2008 16:27:58 +0000 (UTC) (envelope-from vince@unsane.co.uk) Received: from unsane.co.uk (unsane-pt.tunnel.tserv5.lon1.ipv6.he.net [IPv6:2001:470:1f08:110::2]) by mx1.freebsd.org (Postfix) with ESMTP id 405608FC1D for ; Tue, 16 Sep 2008 16:27:58 +0000 (UTC) (envelope-from vince@unsane.co.uk) Received: from vhoffman.lon.namesco.net (150.117-84-212.staticip.namesco.net [212.84.117.150]) (authenticated bits=0) by unsane.co.uk (8.14.0/8.14.0) with ESMTP id m8GGS1MP011230 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 16 Sep 2008 17:28:02 +0100 (BST) (envelope-from vince@unsane.co.uk) Message-ID: <48CFDE89.2020409@unsane.co.uk> Date: Tue, 16 Sep 2008 17:27:53 +0100 From: Vincent Hoffman User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707) MIME-Version: 1.0 To: CyberLeo Kitsana References: <48CF483C.1020000@cyberleo.net> In-Reply-To: <48CF483C.1020000@cyberleo.net> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Being a shell provider - good business? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2008 16:27:58 -0000 CyberLeo Kitsana wrote: > Ted Mittelstaedt wrote: > >> But getting back to the discussion - the OP's friend seemed like >> he -wanted- to get involved in some rather Bad People. >> > > I'm not entirely sure, but I can't find anyone in this thread whose > actually talked with the OP's friend other than the OP themselves, who > seems to be biased against the idea in the first place. I'm not sure how > such an assertion can be safely made under the circumstances. > > Personally, I've always been looking for ways to secure the shell > service I provide, for things such as webspace file transfer and > MUCK/MUD gameserver hosting. I dislike providing FTP to people, as it's > so insecure and firewall-unfriendly, but chrooting SSH/SFTP in a > suitable manner is something I've never been able to successfully complete. > > I had something going with Busybox on a test linux box, but alas, > compilation fails horribly on FreeBSD for reasons not adequately explored. > there was some work at getting busybox working for freebsd, see http://info.iet.unipi.it/~luigi/FreeBSD/ > So, for now, I stick with judicious use of UID-based firewall rules, > careful application of unix file permissions, the > security.bsd.see_other_uids sysctl, and knowing personally each person I > host, so I can personally deal with them if they venture into > not-so-nice territory. > >