Date: Mon, 24 Jul 2000 12:12:18 -0700 From: Kelsey Cummings <kgc@sonic.net> To: chem@i-p-d.nl Cc: freebsd-isp@FreeBSD.ORG Subject: Re: limiting telnet-users Message-ID: <397C9512.BC715851@sonic.net> References: <200007241704.TAA13257@ns1.i-p-d.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
I did this for an other ISP a while back. Myself and the other sysadmin hacked login to chroot the user if the UID was less than 1000 and constructed scripts which built the needed trees with hardlinks and made the /tmp, and other directories that need specific permissions under /home/user. I'm not sure I'd go through the trouble of doing this again. It was a cool project, and worth doing once, but you might be better off just making a very secure 'open' multiuser system, with very careful file permissions, kernel security set high, with immutable flags on all of the system files and binaries that should never change. I think there are some good FAQs on nailing down fBSD like this out there. "chem@i-p-d.nl" wrote: > > Hi, > > I have been investigating a way to limit telnet-users to their own home-dir. > Problem with chroot is that a lot of dirs would have to be copied to the home- > dir, in order for them to work with telnet. We only give telnet-access to users > that specifically ask for it, because ftp is to limited. I remember a post from > about a year ago, of someone who managed it by setting the permissions of the > home-dirs and the dir above at a specific way, i believe in combination with a > specific umask. Can't find that posting in the archives, though. > > I would love to hear some solutions to this problem and/or some pointers. > > TIA > chem > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Kelsey Cummings - kgc@sonic.net sonic.net System Administrator 300 B Street, Ste 101 707.522.1000 (Voice) Santa Rosa, CA 95404 707.547.2199 (Fax) http://www.sonic.net/ Fingerprint = 7F 59 43 1B 44 8A 0D 57 91 08 73 73 7A 48 90 C5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?397C9512.BC715851>