From: Bill Moran
Date: Sun, 27 May 2001 09:34:39 -0400
To: Jorge Biquez
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Advice on ISP services Please.
Message-ID: <3B11026F.5FAE902F@iowna.com>

There's been some excellent advice from others, so I'm not going to
repeat it all, just add to it:

Jorge Biquez wrote:
> - How to restrict the access of FTP to only the specified directory of the
> user. And that they can not see other users directories.

Look in "man ftpd" for the section on /etc/ftpchroot.
Basically, any user name you put in this file will be restricted to their
home directory. But read the man page.

> - How to implement quotas with FTP so users only can have a limit on space.

Use the FreeBSD disk quota system. "man quota" to start reading. I believe
there are sections in the handbook as well.

> - How to avoid users have access to telnet services.

1. Disable telnet in /etc/inetd.conf
2. Use ssh instead
3. Change shells to "nologin" for users you don't want to be able to ssh.

> - How to avoid that a script of a user can consume lot of resources and
> could crash the machine.

Use login classes. "man login.conf" is a good place to start reading, also
the applicable section of the handbook.

> Mail servers are run on other machine as well as DNS.
> What other important points am I missing?

Firewalling, maybe (you may or may not need it).
Also, consider running a proxy, such as Squid. It's not a security issue,
but it will improve performance.

-Bill
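
The following is an added example, not part of the original message: a read-only audit of three of the settings named in the reply (telnet in inetd.conf, nologin shells, /etc/ftpchroot entries). The function names, the uid range used to pick out customer accounts, the 7-field passwd layout and the sample files are assumptions made for illustration; quotas and login classes are not covered.

```shell
#!/bin/sh
# Added example: read-only checks for settings named in the reply above.
# Paths are arguments so the checks can be run on copies of the files.

# Active (uncommented) telnet service lines in inetd.conf.
active_telnet() { awk '$1 == "telnet"' "$1"; }

# Accounts in the customer uid range whose shell is not nologin.
# Assumption: customer uids are >= MIN_UID (default 1000) and below 65534.
shell_users() {
    awk -F: -v min="${MIN_UID:-1000}" \
        '$1 !~ /^#/ && $3 >= min && $3 < 65534 && $7 !~ /nologin$/ { print $1 }' "$1"
}

# Accounts in the same range that are not listed by name in ftpchroot,
# so ftpd would not confine them to their home directory.
# "@group" entries are skipped here; this check only matches user names.
unchrooted_users() {   # args: passwd ftpchroot
    awk -F: -v min="${MIN_UID:-1000}" '
        FILENAME == ARGV[1] {
            if ($0 !~ /^[#@]/ && $0 != "") { split($0, f, /[ \t]+/); listed[f[1]] = 1 }
            next
        }
        $1 !~ /^#/ && $3 >= min && $3 < 65534 && !($1 in listed) { print $1 }' "$2" "$1"
}

# Constructed sample files (not taken from any real host).
write_sample() {   # arg: directory
    printf '%s\n' \
        '#ftp    stream tcp nowait root /usr/libexec/ftpd    ftpd -l' \
        'telnet  stream tcp nowait root /usr/libexec/telnetd telnetd' > "$1/inetd.conf"
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'alice:*:1001:1001:Alice:/home/alice:/sbin/nologin' \
        'bob:*:1002:1002:Bob:/home/bob:/bin/sh' > "$1/passwd"
    printf '%s\n' '# chrooted ftp users' 'alice' > "$1/ftpchroot"
}

d=$(mktemp -d) && write_sample "$d"
echo "active telnet lines: $(active_telnet "$d/inetd.conf")"
echo "can get a shell:     $(shell_users "$d/passwd")"
echo "ftp not chrooted:    $(unchrooted_users "$d/passwd" "$d/ftpchroot")"
```

On a live system the same functions can be pointed at /etc/inetd.conf, /etc/passwd and /etc/ftpchroot; any name printed by the last two is an account to review.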