FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 02-14-2009, 09:18 PM
Eric Gerlach
 
Default adding secure accounts for remote users?

On Sat, Feb 14, 2009 at 03:10:07PM -0500, Zach Uram wrote:
> I want to give some friends accounts on my server so that they can
>
> 1) ssh in to the sever
> 2) have web space on the apache2 webserver such as $HOME/public_html
> so they would be http://www.server.org/~user
>
> How exactly can I setup these 2 things?
>
> Also how can I restrict the users to *only* their $HOME directory so
> they cannot cd or ls any other directories or files on my filesystem?
>
> Running Debian lenny.

If all you're looking to do is give them the ability to SFTP, you can do the
following:

http://www.debian-administration.org/articles/590

However, if they need a shell prompt, that's a lot harder. You'll have to
create a chroot jail (and note that they aren't perfect). Google for "chroot
ssh" to get more information. Spend a *lot* of time reading up, because it's
not trivial. Also you'll have to put a copy of every command you want your
users to be able to run in the jail.

Overall, if you can convince your users to live with SFTP only, do that. It's
what we've done in one case, and nobody really cares most of the time.

Cheers,

--
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerlach@feds.uwaterloo.ca


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-14-2009, 11:08 PM
Zach Uram
 
Default adding secure accounts for remote users?

Shams and Eric,

Thanks for the replies, I decided to go with just SFTP for now. I
suppose they could also use SCP?

Regards,
Zach


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-15-2009, 01:04 AM
Eric Gerlach
 
Default adding secure accounts for remote users?

On Sat, Feb 14, 2009 at 07:08:05PM -0500, Zach Uram wrote:
> Shams and Eric,
>
> Thanks for the replies, I decided to go with just SFTP for now. I
> suppose they could also use SCP?

Technically, no, they're different protocols. I'm not sure if newer versions
of scp will try sftp first, but there is a separate sftp program. Windows
users can use FileZilla, OSX users can use Fugu (IIRC).

Cheers,

--
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerlach@feds.uwaterloo.ca


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-15-2009, 01:38 AM
L Glidewell
 
Default adding secure accounts for remote users?

On Saturday 14 February 2009 16:08:05 Zach Uram wrote:
> Shams and Eric,
>
> Thanks for the replies, I decided to go with just SFTP for now. I
> suppose they could also use SCP?
>
> Regards,
> Zach

Configure the users with the scponly shell and they will be able to use either
scp or sftp as needed.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-19-2009, 12:16 PM
"Andrew McGlashan"
 
Default adding secure accounts for remote users?

Hi,

L Glidewell wrote:

On Saturday 14 February 2009 16:08:05 Zach Uram wrote:

Thanks for the replies, I decided to go with just SFTP for now. I
suppose they could also use SCP?


Configure the users with the scponly shell and they will be able to
use either scp or sftp as needed.


I would use scponlyc -- the chroot version, that allows winscp.

Cheers
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 01:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org