security

[kalinix]

On Thu, 2010-08-12 at 16:44 +0200, roland wrote:

> On Thu, 12 Aug 2010 15:31:04 +0200, Tim <ignored_mailbox at yahoo.com.au>  
> wrote:
> 
> > On Thu, 2010-08-12 at 14:40 +0200, roland wrote:
> >> I would like to give someone a login on my server.
> >> But, I would like to limit access to his home dir.
> >>
> >> With Nautilus, Konqueror or from distance with p.e. Winscp, this
> >> person could see what he wants and do maybe the unexpected.
> >
> > Unless you get slack with permissions, they can't read files owned by
> > someone else unless those files have read permission for "other" users.
> > Likewise, regarding writing to them.  No ordinary user can change system
> > or application files, only their own files.
> >
> > And, as far as restricting them, that may depend on what you mean by
> > logon to your system.  You're sharing out a drive, directories, or
> > actually allowing a direct logon where they can run things.
> >
> Someone who will install a website on the server. So I thought to give him  
> a login and config apache to read the dir in his home dir.
> He has to upload the files for this site. So I won't him to see only his  
> home dir.
> 
> So actually he will not run something, just install.
> 
> -- 
> 
> Roland
> 
> 
> 



chrooted ssh.

http://www.howtoforge.com/chrooted_ssh_howto_debian

It's for debian, but it works ok on fedora too. You don't necessarily
need to download patched openssh, as now the openssh fedora ships
supports chroot out of the box.

-- 


Calin

Key fingerprint = 37B8 0DA5 9B2A 8554 FB2B 4145 5DC1 15DD A3EF E857

=================================================
Come quickly, I am tasting stars! -- Dom Perignon, upon discovering
champagne.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20100813/c5cc8424/attachment-0001.html