[clue-admin] User setup for "member" accounts
Jed S. Baer
thag at frii.com
Tue Jan 4 08:46:34 MST 2005
On Tue, 4 Jan 2005 07:23:19 -0700
Collins Richey wrote:
> We prefer to allow sftp so that members can modify their own
> environment with ease, but only their own environment. sftp is ideal
> for this use, but unfortunately it will allow the use to cd to any
> visible directory (not what we want).
Being able to use cd and ls is a pretty small thing. As long as we prevent
modifications, that's the main thing. We can do a lot with umask and
permissions. The other main thing, I think, are exploits to suid
executables. But that's more a general hardening question, I think.
> Apparenly authorized_keys2 is antequated. Our ssh setup only works
> with aurhorized_keys.
I'm using authorized_keys2. Just FYI.
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list