From owner-freebsd-security@FreeBSD.ORG Tue May 18 09:10:42 2004
From: "Remko Lodder"
To: "Dan Rue", "David E. Meier"
cc: freebsd-security@freebsd.org
Date: Tue, 18 May 2004 18:08:52 +0200
Subject: RE: [Freebsd-security] Re: Multi-User Security
In-Reply-To: <20040518160517.GA10067@therub.org>

Ahem,

On Mon, May 17, 2004 at 02:08:40PM +0200, David E. Meier wrote:
> Hello list.
>
> I would like to get your opinion on what is a safe multi-user environment.
> The scenario:
>
> We would like to offer to some customers of ours some sort of network
> backup/archive. They would put daily or weekly backups from their local
> machine on our server using rsync and SSH. Therefore, they all have a user
> account on our server. However, we must ensure that they would absolutely
> not be able to access any data of each other at all.
>
> What is the "best and safest" way to do so? Regular UNIX permission
> settings? File system ACL's? User jails? Restricting commands in their
> path environment? Or would it even make sense to encrypt the file system?
> How would some of the solutions affect data backups/restore on our side?

D> You generally would like to avoid giving people shell (ssh) access if
D> you can avoid it. If you must give shell access, it is best to set up a
D> jail.

D> However, if you're just doing backup/file access - shell access isn't
D> necessary. You can do ftps, (ports/ftp/bsdftpd-ssl), and easily use
D> that to chroot users. You can do sftp (without ssh shell access), but
D> that's trickier to set up.

real tricky :->

scponly-3.8_1|/usr/ports/shells/scponly|/usr/local|A tiny shell that only permits scp and sftp|/usr/ports/shells/scponly/pkg-descr|rushani@FreeBSD.org|shells|||http://www.sublimation.org/scponly/

But not that hard.... ;-)

--
Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene
mrtg.grunn.org Dutch mirror of MRTG
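
Added example, not part of the original message and not code from the scponly project: a POSIX sh audit for the setup discussed in this thread, checking that every customer account homed under the backup root has scponly as its login shell and a home directory closed to group and other. The backup-root layout, the /usr/local/bin/scponly path, the function names and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit customer backup accounts.
# Assumptions: homes sit under one backup root; scponly is installed at
# /usr/local/bin/scponly (override with the SCPONLY_SHELL variable).
SCPONLY_SHELL="${SCPONLY_SHELL:-/usr/local/bin/scponly}"

# audit_backup_accounts PASSWD_FILE BACKUP_ROOT
# Reads a passwd(5)-format file, prints one finding per line for accounts
# homed under BACKUP_ROOT, and returns 1 if there was any finding.
audit_backup_accounts() {
    passwd_file=$1
    backup_root=${2%/}
    findings=0
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case $user in ''|\#*) continue ;; esac   # skip blanks and comments
        case $home in "$backup_root"/*) ;; *) continue ;; esac
        if [ "$shell" != "$SCPONLY_SHELL" ]; then
            echo "$user: login shell $shell is not $SCPONLY_SHELL"
            findings=$((findings + 1))
        fi
        if [ ! -d "$home" ]; then
            echo "$user: home $home does not exist"
            findings=$((findings + 1))
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$home" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$user: home $home is open to group/other ($perms)"
            findings=$((findings + 1))
        fi
    done < "$passwd_file"
    [ "$findings" -eq 0 ]
}

# demo: constructed data; bob's home is mode 755, carol has a full shell.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/backup/alice" "$d/backup/bob" "$d/backup/carol"
    chmod 700 "$d/backup/alice" "$d/backup/carol"; chmod 755 "$d/backup/bob"
    {
        echo "alice:*:2001:2001:Customer A:$d/backup/alice:$SCPONLY_SHELL"
        echo "bob:*:2002:2002:Customer B:$d/backup/bob:$SCPONLY_SHELL"
        echo "carol:*:2003:2003:Customer C:$d/backup/carol:/bin/sh"
    } > "$d/passwd"
    rc=0; audit_backup_accounts "$d/passwd" "$d/backup" || rc=$?
    rm -rf "$d"; return "$rc"
}
case ${1:-} in '') ;; demo) demo ;; *) audit_backup_accounts "$@" ;; esac
```

Run it with `demo` as the only argument to see the constructed case, or with a passwd file and the backup root for a real audit; the exit status is 1 when there is any finding.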