Re: [SLUG] Security & adding another 'user' to a web site.

2004-11-08 Thread Michael Lake
[EMAIL PROTECTED] wrote:
> Michael Lake wrote:
>> 4. Other ways ?
>> What's the easiest way to allow the new user to use windows scp but not
>> browse the filesystem. Reading up on chroot jails it seems that they
>> are not trivial to set up.
>
> How about webmin-updown module, for instance?
> In general, webmin might allow you to give limited access
> to certain operations over the web and without giving away shell
> access at all.

Not keen on webmin as there were exploits for it when I looked at it last
year. Maybe I should look at it again.

> Another option might be to use a restricting ftp server over
> ssh.

Not familiar with that at all.

> BTW - I've just learned about winscp -
> http://winscp.sourceforge.net/eng/, it's so much more friendly
> than Windows' command line.

Yes, that's what I have given to the user that uploads files. Before I
used the virtual server the hosting co provided ftp. With the virt
server I didn't put on any ftpd and it's ssh or scp only for access.
I sleep better at night now.

Mike
--
Michael Lake
Chemistry, Materials & Forensic Science, UTS
Ph: 9514 1725 Fx: 9514 1460

--
UTS CRICOS Provider Code:  00099F
DISCLAIMER: This email message and any accompanying attachments may contain
confidential information.  If you are not the intended recipient, do not
read, use, disseminate, distribute or copy this message or attachments.  If
you have received this message in error, please notify the sender immediately
and delete this message. Any views expressed in this message are those of the
individual sender, except where the sender expressly, and with authority,
states them to be the views the University of Technology Sydney. Before
opening any attachments, please check them for viruses and defects.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Security & adding another 'user' to a web site.

2004-11-08 Thread amos
Michael Lake wrote:
> 4. Other ways ?
> What's the easiest way to allow the new user to use windows scp but not
> browse the filesystem. Reading up on chroot jails it seems that they are
> not trivial to set up.

How about webmin-updown module, for instance?
In general, webmin might allow you to give limited access
to certain operations over the web and without giving away shell
access at all.
Another option might be to use a restricting ftp server over
ssh.
BTW - I've just learned about winscp -
http://winscp.sourceforge.net/eng/, it's so much more friendly
than Windows' command line.
Cheers,
--Amos


[SLUG] Security & adding another 'user' to a web site.

2004-11-07 Thread Michael Lake
Hi all
I have a web site hosted on a virtual server and it serves an
environmental group. Another 'sub group' wants to have some web space
and I'm wondering what options there are and what tradeoffs one has with
security for the options. As it's a virtual server I have root access and
can configure apache. But for subdomains I need to get the hoster to
configure things and sub domains cost a little bit.

Current situation
   - I have a normal Linux user 'somegroup'
   - http://www.somegroup.org.au -> /home/somegroup/www/
   - I don't have any VirtualHost sections in httpd.conf
   - I have ~usernames disabled.
   - I have public_html directories disabled.
   - I don't have ftp, just ssh and scp.
   - One user only who looks after web pages has the ssh password
 and puts pages up via scp from Windows box (known, trusted user).
   - I'm running an important database from /home/db/www/
 Apache maps http://www.somegroup.org.au/other to the 'db' user.

A group wants say http://www.somegroup.org.au/SUB-group/
The person who will put up the pages is unknown.
1. I set up a directory /home/somegroup/www/SUB-group/ and pass onto them
the ssh/scp passwd.
Now more people have the word and with that they can browse the server 
by ssh'ing in.

2. I set up new Linux user say 'SUB-group' and they have their pages 
under /home/SUB-group/www. I set up a symlink from:
/home/somegroup/www/SUB-group/index.html -> /home/SUB-group/www/index.html
and then I have to "Allow SymLinks" in apache.
But they do have a different password now.

3. Same as 2; I set up new Linux user say 'SUB-group' and they have 
their pages under /home/SUB-group/www/
But I enable the www directory in apache and they have
http://www.somegroup.org.au/~SUB-group/

4. Other ways ?
What's the easiest way to allow the new user to use windows scp but not
browse the filesystem. Reading up on chroot jails it seems that they are
not trivial to set up.

I gather there are good/bad points for each and how long is a super 
string :-)

Also what needs to be done by the hosting provider if a group wants
http://SUB-group.somegroup.org.au/
I gather that they set some file in the DNS records that point the 
domain http://SUB-group.somegroup.org.au/ to the same IP address of the 
virtual server as it has now and I add a VirtualHost section to the 
httpd.conf 

or what ???
For a subdomain the extra user group would have to pay $15/month which 
is piddling but still ... users.. :-)

Mike
--
Michael Lake
Chemistry, Materials & Forensic Science, UTS
Ph: 9514 1725 Fx: 9514 1460
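
A chroot jail for the upload-only account asked about in point 4, as an added example that is not part of the original post or the replies. It assumes OpenSSH 4.9 or later (which provides `ChrootDirectory` and the built-in `internal-sftp` server) and reuses the post's `SUB-group` user and `/home/SUB-group/www` path; the ownership and modes in the comments are assumptions about how the account would be laid out.

```conf
# /etc/ssh/sshd_config fragment (assumes OpenSSH 4.9 or later).
#
# Filesystem layout this fragment assumes:
#   /home/SUB-group      owner root,      mode 0755  (jail root)
#   /home/SUB-group/www  owner SUB-group, mode 0755  (upload target, readable by Apache)
#
# sshd refuses the login unless the jail root and every directory above it
# are owned by root and not writable by group or other. That is why the
# user's writable directory is www/ and not the home directory itself.

# In-process SFTP server: the jail needs no shell, libraries or /dev nodes.
Subsystem sftp internal-sftp

# Applies only to the new account; the existing 'somegroup' login is unchanged.
Match User SUB-group
    # After authentication the session sees /home/SUB-group as "/",
    # so /home/db and /home/somegroup are not reachable at all.
    ChrootDirectory /home/SUB-group
    # Every session becomes SFTP: no interactive shell, no remote commands.
    ForceCommand internal-sftp
    # Close the side channels an SSH login would otherwise still offer.
    AllowTcpForwarding no
    X11Forwarding no
```

Because `ForceCommand internal-sftp` also blocks the legacy scp protocol, the WinSCP session for this account has to use SFTP as its file protocol.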
