From owner-freebsd-isp Mon Jul 24 12:12:27 2000
Message-ID: <397C9512.BC715851@sonic.net>
Date: Mon, 24 Jul 2000 12:12:18 -0700
From: Kelsey Cummings
Reply-To: kgc@sonic.net
Organization: sonic.net
To: chem@i-p-d.nl
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: limiting telnet-users
References: <200007241704.TAA13257@ns1.i-p-d.nl>

I did this for another ISP a while back. Myself and the other sysadmin
hacked login to chroot the user if the UID was less than 1000 and
constructed scripts which built the needed trees with hardlinks and made
the /tmp, and other directories that need specific permissions under
/home/user.

I'm not sure I'd go through the trouble of doing this again. It was a
cool project, and worth doing once, but you might be better off just
making a very secure 'open' multiuser system, with very careful file
permissions, kernel security set high, with immutable flags on all of
the system files and binaries that should never change. I think there
are some good FAQs on nailing down fBSD like this out there.

"chem@i-p-d.nl" wrote:
>
> Hi,
>
> I have been investigating a way to limit telnet-users to their own home-dir.
> Problem with chroot is that a lot of dirs would have to be copied to the
> home-dir, in order for them to work with telnet. We only give telnet-access
> to users that specifically ask for it, because ftp is too limited. I remember
> a post from about a year ago, of someone who managed it by setting the
> permissions of the home-dirs and the dir above at a specific way, I believe
> in combination with a specific umask. Can't find that posting in the
> archives, though.
>
> I would love to hear some solutions to this problem and/or some pointers.
>
> TIA
> chem
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

--
Kelsey Cummings - kgc@sonic.net      sonic.net
System Administrator                 300 B Street, Ste 101
707.522.1000 (Voice)                 Santa Rosa, CA 95404
707.547.2199 (Fax)                   http://www.sonic.net/
Fingerprint = 7F 59 43 1B 44 8A 0D 57  91 08 73 73 7A 48 90 C5
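
The hardlink-tree approach described in the reply above, sketched as a POSIX shell function. This is an added example, not the scripts the poster wrote: the names `build_jail` and `JAIL_SKIPPED` and the example paths are assumptions, and refusing to link setuid/setgid or group/world-writable files is an added hardening check that the post does not mention.

```shell
#!/bin/sh
# Added example, not the scripts from the post. build_jail, JAIL_SKIPPED and
# all paths are assumptions made for illustration.
#
# build_jail JAIL SRCROOT FILE...
#   JAIL     directory login would chroot into (e.g. /home/user)
#   SRCROOT  tree being mirrored (normally /); must be on JAIL's filesystem
#   FILE...  paths relative to SRCROOT to expose inside the jail
# Sets JAIL_SKIPPED to the number of files it refused or failed to link.
build_jail() {
    bj_jail=$1 bj_src=$2
    shift 2
    JAIL_SKIPPED=0

    # /tmp inside the jail needs the same sticky, world-writable mode as /tmp.
    mkdir -p "$bj_jail/tmp" && chmod 1777 "$bj_jail/tmp" || return 1

    for bj_rel in "$@"; do
        bj_from=$bj_src/$bj_rel
        bj_to=$bj_jail/$bj_rel
        # Regular files only; a symlink could point outside the mirrored tree.
        if [ -L "$bj_from" ] || [ ! -f "$bj_from" ]; then
            echo "skip (not a regular file): $bj_rel" >&2
            JAIL_SKIPPED=$((JAIL_SKIPPED + 1)); continue
        fi
        # A hard link shares inode, owner and mode with the original, so a
        # setuid/setgid or group/world-writable file keeps that inside the jail.
        if [ -n "$(find "$bj_from" -prune \( -perm -4000 -o -perm -2000 \
                -o -perm -020 -o -perm -002 \) -print)" ]; then
            echo "skip (setid or writable by others): $bj_rel" >&2
            JAIL_SKIPPED=$((JAIL_SKIPPED + 1)); continue
        fi
        mkdir -p "$(dirname "$bj_to")" || return 1
        # ln fails across filesystems; count that as a skip, do not copy.
        if ! ln -f "$bj_from" "$bj_to"; then
            JAIL_SKIPPED=$((JAIL_SKIPPED + 1))
        fi
    done
    return 0
}
```

Because the links share the inode with the system copy, the files inside the jail keep the original's owner and mode, so the system files must already be unwritable by the confined user for this layout to hold.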