From owner-freebsd-security@FreeBSD.ORG Tue May 18 09:32:36 2004
Message-ID: <1434.217.162.71.141.1084897950.squirrel@serv04.inetworx.ch>
In-Reply-To: <20040518160517.GA10067@therub.org>
References: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch> <20040518160517.GA10067@therub.org>
Date: Tue, 18 May 2004 18:32:30 +0200 (CEST)
From: "David E. Meier" <dev@eth0.ch>
To: freebsd-security@freebsd.org
User-Agent: SquirrelMail/1.4.2
Subject: Re: Multi-User Security
List-Id: Security issues [members-only posting]

> On Mon, May 17, 2004 at 02:08:40PM +0200, David E. Meier wrote:
>> Hello list.
>>
>> I would like to get your opinion on what is a safe multi-user
>> environment. The scenario:
>>
>> We would like to offer to some customers of ours some sort of network
>> backup/archive. They would put daily or weekly backups from their local
>> machine on our server using rsync and SSH. Therefore, they all have a
>> user account on our server. However, we must ensure that they would
>> absolutely not be able to access any data of each other at all.
>>
>> What is the "best and safest" way to do so? Regular UNIX permission
>> settings? File system ACLs? User jails? Restricting commands in their
>> path environment? Or would it even make sense to encrypt the file
>> system? How would some of the solutions affect data backups/restore on
>> our side?
>
> You generally would like to avoid giving people shell (ssh) access if
> you can avoid it. If you must give shell access, it is best to set up a
> jail.
>
> However, if you're just doing backup/file access, shell access isn't
> necessary. You can do ftps (ports/ftp/bsdftpd-ssl) and easily use that
> to chroot users. You can do sftp (without ssh shell access), but that's
> trickier to set up.

Unfortunately we will be using rsync, and AFAIK it uses SSH for its
communication. This way we only transfer the modified files and thus
greatly reduce traffic.

> One popular solution these days is WebDAV. You use it along with
> apache, run it over https, and users can access their files with IE or
> other clients.

That's true. In theory at least. ;-) Unfortunately again, IE and File
Explorer have either bugs or incompatibilities built in that prevent
using them in a production environment with Linux/Unix. I tried this
setup before and sometimes it stalls, sometimes it works normally, then
again it takes 2 minutes to transfer some 2KB document... Third-party
clients like WebDrive worked without any complaints though.

Dave
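The previous reply calls sftp-without-shell tricky, and Dave's requirement is rsync over SSH. The usual way to get that without handing out a shell is the `command="..."` option in a user's authorized_keys: sshd then runs only the program named there, whatever the client asked for, and exposes the client's request in SSH_ORIGINAL_COMMAND. The wrapper below is an added example, not code from this thread or from FreeBSD (rsync's source tree ships a more complete script of this kind, support/rrsync). It accepts only rsync's server-side invocation, "rsync --server [--sender] -<flags> . <path>", and only when <path> lies inside one customer's directory. The usernames, paths (/home/cust1/backup, /usr/local/sbin/rsync-only, /usr/local/bin/rsync) and the key line are assumptions.

```shell
#!/bin/sh
# rsync-only: forced-command wrapper for a backup-only SSH account.
# Added example, not code from the thread. Assumed (hypothetical) layout:
#
#   /home/cust1/.ssh/authorized_keys (one line):
#   command="/usr/local/sbin/rsync-only /home/cust1/backup",no-pty,\
#   no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... cust1
#
# sshd ignores the command the client asked for, runs this script instead,
# and exposes the client's request in $SSH_ORIGINAL_COMMAND. rsync clients
# ask the remote side to run "rsync --server [--sender] -<flags> . <path>";
# anything else, and any path outside the allowed directory, is refused.

RSYNC=${RSYNC:-/usr/local/bin/rsync}   # assumed location of the rsync port

# validate_rsync_cmd ALLOWED_DIR REQUESTED_COMMAND
# Prints the command on success (exit 0); exit 1 means "refuse".
validate_rsync_cmd() {
    allowed=$1
    cmd=$2

    # 1. Only rsync's server-side invocation is acceptable.
    case "$cmd" in
        "rsync --server "*) ;;
        *) return 1 ;;
    esac

    # 2. Character allowlist: what rsync option strings and plain paths need.
    #    Newlines are checked separately because $(...) would strip them.
    nl='
'
    case "$cmd" in *"$nl"*) return 1 ;; esac
    stripped=$(printf '%s' "$cmd" | LC_ALL=C tr -d 'A-Za-z0-9 ._/=,:+-')
    [ -z "$stripped" ] || return 1

    # 3. The target path is the last word and rsync always sends "." before it.
    path=${cmd##* }
    rest=${cmd% *}
    case "$rest" in
        *" .") ;;
        *) return 1 ;;
    esac

    # 4. The path must be the allowed directory itself or something below it,
    #    with no ".." components that could climb back out.
    case "$path" in
        "$allowed"|"$allowed"/*) ;;
        *) return 1 ;;
    esac
    case "$path" in
        *"/../"*|*"/..") return 1 ;;
    esac

    # 5. Refuse options that make rsync run a program or touch paths other
    #    than the target (rrsync keeps a longer list; this is a subset).
    for word in $rest; do
        case "$word" in
            --rsync-path*|--rsh*|-e|--files-from*|--include-from*|\
            --exclude-from*|--filter*|--log-file*|--link-dest*|\
            --copy-dest*|--compare-dest*|--temp-dir*|--partial-dir*|\
            --backup-dir*|--write-batch*|--read-batch*|--remove-source-files)
                return 1 ;;
        esac
    done

    printf '%s\n' "$cmd"
}

# Entry point when sshd runs us as the forced command: $1 is the directory
# named in the authorized_keys line. (Not reached when sourced for tests.)
if [ -n "$SSH_ORIGINAL_COMMAND" ] && [ -n "$1" ]; then
    if cmd=$(validate_rsync_cmd "$1" "$SSH_ORIGINAL_COMMAND"); then
        set -- $cmd          # safe: only allowlisted characters survive
        shift                # drop the client's "rsync" word ...
        exec "$RSYNC" "$@"   # ... and run our own binary with its arguments
    fi
    echo "rsync-only: command refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The wrapper removes the shell; it does not replace UNIX permissions. It runs as the customer's uid, so each customer's directory must be owned by that customer with mode 0700 (a jail on top, as the previous reply suggests, is defence in depth, not a substitute). Paths containing spaces or backslash escapes are refused rather than parsed. Later OpenSSH releases added ForceCommand and ChrootDirectory in sshd_config, which do the same job for a whole group of users without editing each key line.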