Re: security

roland wrote:
> 
> Someone who will install a website on the server. So I thought to give
> him a login and config apache to read the dir in his home dir.
> He has to upload the files for this site. So I want him to see only his
> home dir.
> 
> So actually he will not run something, just install.


Roland,

It sounds like sftp chroot() would satisfy your needs.  It would allow the user to manage content in his home directory and make it appear as the root of the filesystem.  In your sshd configuration, specifying "ForceCommand internal-sftp" inside a Match block for the user would force the use of an in-process sftp server, and prevent him from actually logging into a shell via ssh.  For added security, you can also set the user's shell to "/sbin/nologin".

I've done this on CentOS and it was a bit of a hassle, because the version of OpenSSH it provides doesn't include all of the required configuration options.  However, it looks like Fedora's version is recent enough to make it pretty straightforward.

Here are a couple of references that got me through this project:

 OpenSSH SFTP chroot() with ChrootDirectory <http://www.debian-administration.org/article/OpenSSH_SFTP_chroot_with_ChrootDirectory>

 Packaging OpenSSH on CentOS <http://binblog.info/2009/02/27/packaging-openssh-on-centos/>

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
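
The setup described in this reply, as an added example that is not part of the original post: the sshd_config stanza for an SFTP-only chrooted account, plus a check for the ownership rule sshd enforces on the chroot path. The account name "webuser", the upload directory "site" and the function names are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Fedora/CentOS).
# The account name "webuser" and upload directory "site" are hypothetical.

# Print the sshd_config stanza for an SFTP-only, chrooted account.
# Append it to /etc/ssh/sshd_config and run `sshd -t` before reloading sshd.
sftp_match_block() {
    case $1 in ''|*[!a-z0-9_-]*) return 2 ;; esac   # refuse odd account names
    cat <<EOF
Match User $1
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# sshd rejects the login unless every component of the chroot path is owned
# by root and not writable by group or others. Test one component from its
# owner uid and octal mode, as printed by `stat -c '%u %a'`.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the chroot directory up to / and report the first bad component.
check_chroot_path() {
    dir=$1
    case $dir in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 2
        if ! component_ok "${info% *}" "${info#* }"; then
            echo "unsafe for ChrootDirectory: $dir (uid/mode: $info)" >&2
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# Typical use, as root, for /home/webuser:
#   chown root:root /home/webuser && chmod 755 /home/webuser
#   mkdir /home/webuser/site && chown webuser: /home/webuser/site
#   usermod -s /sbin/nologin webuser
#   check_chroot_path /home/webuser && sftp_match_block webuser
```

Because the chroot directory itself must be root-owned, the user cannot write to its top level; uploads go into the user-owned subdirectory, which is also the directory Apache should serve.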