[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Limiting system and filesystem access

From: Ed Wilts <ewilts ewilts org>
To: General Red Hat Linux discussion list <redhat-list redhat com>
Subject: Re: Limiting system and filesystem access
Date: Thu, 8 Dec 2005 12:35:30 -0600

On Thu, Dec 08, 2005 at 11:19:46AM -0600, McDougall, Marshall (FSH) wrote:
> I apologize if this is too OT.  

It's absolutely on topic.

> So my burning question is:  How do I give this user sftp access only to
> a very limited area of my system?  Any assistance appreciated.

There is no supported and secure method of chroot'ing a user using
openssh.  Sadly enough, any number of open source FTP servers will
gladly do this for you making FTP *more* secure than SFTP for this type
of application.  This is especially true if you can make ftp/tls work
for you.

What we're doing is buying the Tectia SSH server for our external-facing
servers.  It's commercial but will give us secure chroot'ed access to
the file systems for our external customers.

        .../Ed

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts ewilts org
Member #1, Red Hat Community Ambassador Program

References:
- Limiting system and filesystem access
  - From: McDougall, Marshall \(FSH\)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]