>>>>> "Mario" == Mario Biron <mario_biron @ cardinal . almerco . ca> writes:
Mario> I think I have figured out the minimal files to have a
Mario> skeleton access but I don't know how to apply it to certain
Mario> users (a chroot I think, but how and where).
There are a couple of ways to do this, but which way is the right way
is going to depend on your motivation for doing it.
o If it's because that machine has connectivity to the internal and
external networks (i.e., it's your bastion host), you probably
don't want users to have logins there at all. A much better
solution would be telnet and ftp _proxies_. FWTK has some good
examples of how to implement this fairly simply. (It's evil for
mortals to have logins on bastion hosts.)
o If it's because some users are inclined to try to crack the system,
you should be aware that even chroot(2) isn't perfect. Maybe a
better approach would be to make your own shell that only
allows users to telnet or ftp. Be sure that shell escapes aren't
allowed from either of those applications. Then replace /bin/sh or
whatever with /usr/local/bin/yourshell
o Look at Rsh. Maybe this is what you want.
Hope that helps.
--
Matt Curtin Chief Scientist Megasoft Online cmcurtin @ research . megasoft . com
http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself
Pull AGIS.NET's plug! Crack DES NOW! http://www.frii.com/~rcv/deschall.htm
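
The restricted shell suggested in the second point above, as an added example that is not part of the original message. The client paths, the "telnet HOST" / "ftp HOST" input format, the function names and the environment values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed client locations; adjust for the local system. */
static const char *TELNET = "/usr/bin/telnet";
static const char *FTP = "/usr/bin/ftp";

/* Accept only a plain host name or address. A leading '-' is refused
   because the client would parse it as an option. */
int host_ok(const char *h) {
    size_t n = strlen(h);
    if (n == 0 || n > 255 || h[0] == '-') return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && !strchr(".-:", h[i])) return 0;
    return 1;
}

/* Turn "telnet HOST" or "ftp HOST" into a fixed argv; -1 means refused. */
int build_argv(char *line, const char *argv[3]) {
    char *cmd = strtok(line, " \t\r\n");
    char *host = strtok(NULL, " \t\r\n");
    if (!cmd || !host || strtok(NULL, " \t\r\n") || !host_ok(host)) return -1;
    if (strcmp(cmd, "telnet") == 0) argv[0] = TELNET;
    else if (strcmp(cmd, "ftp") == 0) argv[0] = FTP;
    else return -1;
    argv[1] = host;
    argv[2] = NULL;
    return 0;
}

int main(void) {
    char line[512];
    const char *argv[3];
    /* Constructed minimal environment; nothing is inherited from the login.
       Assumption: some clients run $SHELL for their '!' escape, so it points
       at a non-shell. The clients themselves still have to be checked. */
    char *const envp[] = { "PATH=/usr/bin", "SHELL=/bin/false", "TERM=vt100", NULL };
    fputs("telnet HOST | ftp HOST> ", stdout);
    fflush(stdout);
    if (!fgets(line, sizeof line, stdin) || build_argv(line, argv) != 0) {
        fputs("not permitted\n", stderr);
        return 1;
    }
    execve(argv[0], (char *const *)argv, envp); /* direct exec, no /bin/sh */
    perror("execve");
    return 1;
}
```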