On 17-Jan-99 Reagan Blundell wrote:
>> Create a file in .ssh owned by root with owner write only.  Change the
>> owner of .ssh to root and set it owner write only.  Now the user cannot
>> delete the directory.
> 
> They might not be able to delete it, but they can still re-name it.

It seems like it would be pretty easy to change sshd to use
/var/ssh/$user/ instead of $home/.ssh/.  Make each /var/ssh/$user and
contents owned by a non-login account (or root).  You may be able to make
them owned by a "sshadmin" group for easy maintenance, though I seem to
recall sshd being unhappy with group-write privs on those files.

This way, the users don't have write access to any part of the tree above
their ssh directory and so cannot muck with it.  The admin can set up the
files.

I haven't actually tested this, but it seems straightforward enough.  I
don't know if sshd wants write access to the ssh dir for known_hosts and
random_seed; I think only ssh (not the daemon) cares.

        -Kevin
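An audit of the /var/ssh/$user layout proposed above, as an added example that is not part of the original message or of sshd. The function names, the `authorized_keys` file name and the `trusted_uids` parameter are assumptions made for illustration, and the demo uses the current uid in place of root so it runs unprivileged on a constructed temporary tree.

```python
import os
import stat
import tempfile

def audit_key_tree(base, user, trusted_uids=(0,)):
    """Return findings for base/<user>; an empty list means the layout holds."""
    findings = []
    user_dir = os.path.join(base, user)
    # A writable parent allows rename/replace of the child, so base is checked too.
    paths = [base, user_dir]
    if os.path.isdir(user_dir) and not os.path.islink(user_dir):
        paths += [os.path.join(user_dir, n) for n in sorted(os.listdir(user_dir))]
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: report a symlink instead of following it
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((path, "owner uid %d not trusted" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/other writable (%o)" % stat.S_IMODE(st.st_mode)))
    return findings

def demo():
    """Build a constructed tree, audit it with a weak mode, then with the fix."""
    me = os.getuid()  # assumption: stands in for root in this unprivileged demo
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "ssh")
        user_dir = os.path.join(base, "alice")  # constructed sample user
        os.makedirs(user_dir)
        keys = os.path.join(user_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("constructed-sample-key\n")
        os.chmod(base, 0o755)
        os.chmod(keys, 0o644)
        os.chmod(user_dir, 0o775)  # weak: group write on the per-user directory
        weak = audit_key_tree(base, "alice", trusted_uids=(me,))
        os.chmod(user_dir, 0o755)  # corrected: only the owner may write
        fixed = audit_key_tree(base, "alice", trusted_uids=(me,))
        return weak, fixed

if __name__ == "__main__":
    print(demo())
```

On a real host the call would be `audit_key_tree("/var/ssh", username)` with the default `trusted_uids=(0,)`, and the directories above the base need the same ownership and mode check.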
