[clue-admin] User setup for "member" accounts

David Anselmi anselmi at anselmi.us
Wed Dec 29 10:06:23 MST 2004


Jed S. Baer wrote:
[...]
> Unless there's a real need for member accounts to have more access, I
> think they should get the minimum privs they need to update their
> websites, and, I suppose maybe read e-mail using pine or mutt (I don't
> recall what's on the box now for CLI e-mail reading). And that means
> restricted shell, done properly. Since I've never set up chroot jails, I
> don't know if that's going too far, or easily automated once we know how,
> or what.

The first step in this discussion should be to identify what users can 
and can't do (programmers call those requirements, don't they Jeff?). 
We want to give members web pages, so a way to upload pages seems 
necessary.  If that's all that's promised, I'd not give them a shell at all.

Next is to identify risks and apply countermeasures until the risks are 
acceptable.  For example:

If you want to prevent weak passwords, require public key authentication 
(not that hard compared to managing passwords, and perhaps good training 
for members who have never used ssh before).

If you allow a shell, are you worried about members exploiting it?  I 
know a security guy who says if you give him a shell you've given him 
root (i.e., there's sure to be a local root exploit).  So to prevent 
members from getting root you have to limit the commands they use (seems 
that to do that with rbash is equivalent to doing it with chroot though 
it might be a little easier conceptually).

So let's get some requirements, design a solution, and get it reviewed 
by the gurus.

Dave
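
One way to check the setup suggested in the message above (page uploads without a shell, public keys instead of passwords), as an added example that is not part of the original post. It assumes a current OpenSSH with Match blocks and internal-sftp; the group name "members", the path /srv/members/%u and both sample configurations are constructed for illustration.

```python
# Added example (not from the thread): audit sshd_config for member accounts.
# Policy from the message: no shell, page uploads only, public keys only.
POLICY = {  # keyword -> (check on the effective value, what it enforces)
    "authenticationmethods": (lambda v: v == "publickey", "public keys only"),
    "forcecommand": (lambda v: v.split()[:1] == ["internal-sftp"], "no shell"),
    "chrootdirectory": (lambda v: v not in ("", "none"), "confined to web tree"),
    "allowtcpforwarding": (lambda v: v == "no", "no port forwarding"),
    "permittty": (lambda v: v == "no", "no terminal"),
}

def effective_settings(config_text, group):
    """Global settings overridden by every 'Match Group <group>' block."""
    global_opts, match_opts, section = {}, {}, "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":  # a Match block runs until the next Match or EOF
            ours = value.lower().split() == ["group", group.lower()]
            section = "ours" if ours else "other"
            continue
        if section != "other":
            target = match_opts if section == "ours" else global_opts
            target.setdefault(key, value)  # sshd keeps the first value it sees
    return {**global_opts, **match_opts}

def audit(config_text, group="members"):
    """Return the policy items the config does not enforce for `group`."""
    opts = effective_settings(config_text, group)
    return [f"{key}: {why}" for key, (ok, why) in POLICY.items()
            if not ok(opts.get(key, ""))]

# Constructed sample: SFTP is forced, but passwords and forwarding still work.
WEAK = """PasswordAuthentication yes
Match Group members
    ForceCommand internal-sftp
"""
# Constructed sample: upload-only, key-only, confined to a per-user directory.
HARDENED = """PasswordAuthentication yes
Match Group members
    AuthenticationMethods publickey
    ForceCommand internal-sftp
    ChrootDirectory /srv/members/%u
    AllowTcpForwarding no
    PermitTTY no
"""
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

An empty list from audit() means every item in POLICY is enforced for the group; each string it returns names the keyword that is missing or too permissive.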


