security

[roland]

On Fri, 13 Aug 2010 09:39:49 +0200, kalinix  
<calin.kalinix.cosma at gmail.com> wrote:

> On Thu, 2010-08-12 at 16:44 +0200, roland wrote:
>
>> On Thu, 12 Aug 2010 15:31:04 +0200, Tim <ignored_mailbox at yahoo.com.au>
>> wrote:
>>
>> > On Thu, 2010-08-12 at 14:40 +0200, roland wrote:
>> >> I would like to give someone a login on my server.
>> >> But, I would like to limit access to his home dir.
>> >>
>> >> With Nautilus, Konqueror or from distance with p.e. Winscp, this
>> >> person could see what he wants and do maybe the unexpected.
>> >
>> > Unless you get slack with permissions, they can't read files owned by
>> > someone else unless those files have read permission for "other"  
>> users.
>> > Likewise, regarding writing to them.  No ordinary user can change  
>> system
>> > or application files, only their own files.
>> >
>> > And, as far as restricting them, that may depend on what you mean by
>> > logon to your system.  You're sharing out a drive, directories, or
>> > actually allowing a direct logon where they can run things.
>> >
>> Someone who will install a website on the server. So I thought to give  
>> him
>> a login and config apache to read the dir in his home dir.
>> He has to upload the files for this site. So I won't him to see only his
>> home dir.
>>
>> So actually he will not run something, just install.
>>
>
> chrooted ssh.
>
> http://www.howtoforge.com/chrooted_ssh_howto_debian
>
> It's for debian, but it works ok on fedora too. You don't necessarily
> need to download patched openssh, as now the openssh fedora ships
> supports chroot out of the box.
>
I looked it op for Fedora and CentOS, and it is available as well.

If this works, that would be great.
Will try it this afternoon.

I thank you very much.


-- 

Roland