[Techtalk] sharing files - ssh and ftp

kim dang kim_dang1 at yahoo.com
Sat May 3 10:46:09 EST 2003


OK, this is really simple and as this list is not
archived, let me tell the reason why I want them not
to roam around and someone might get a laugh and have
a set-up suggestion.

I am friends with some of my ex's still and I want to
make accounts for all of them on my server, but if
they can see (browseable) the names of the others
someone might get hurt (I don't know why - I'm not a
therapist - but I am practical and as an admin of this
server I want to avoid the political repercussions of
sharing the virtual space). Besides, with SCP they can
even see /bin, /etc..., and I don't think that's a good
thing.

I mainly want a /pub folder where a few "privileged"
users will be able to upload stuff for everyone to be
able to access/download. Everyone with an account
should then be able to SCP with some SCP app and
download the stuff there.

If this were a business server they would all just
have to deal with the fact that they are sharing the
virtual space. Since this is not a business server, I
have realized lately that I could receive strange
emails/complaints which are unavoidable but I would
like to minimize.

If you don't think that sharing virtual space can be a
personal issue, let me tell you a story. I once worked
at this University and there was some scandal going on
between the grad students of Dept. A and this certain
professor. (To this day I am so thankful that I was
never a grad student of Dept. A). Anyway, the grad
administrator was friends with said Prof. who was not
beloved by the majority of the grad students. One day
he came to me and frantically said that Finger should
be disabled because he was sending emails out from the
Professor's house one night and someone "fingered" him
and it caused problems b/c they realized that he was
at the Prof's house. I said it wasn't just up to me and
there were so many other commands that could be used
to check up on him, and besides you can also just view
the full header of any email to see where it came from
and it often has the user name of the ISP account in
there somewhere so people would still know he was at
the Prof's house. (I'm just telling stories..., but
the point is that being an admin I think is being a
bit of a negotiator, a politician, and an ambassador).

Ultimately, I just want to share files, because that's
the nice thing to do, but I don't want anyone to see
the other /home directories, because some people don't
play nice. Also, some of these users are not savvy, so
I don't want them to muck anything up. And I was
thinking that SCP was more secure than FTP.

best,
kim




--- Mary <mary-linuxchix at puzzling.org> wrote:
> On Sat, May 03, 2003, Rasjid Wilcox wrote:
> > How would this allow you to restrict a user to their home directory?
> > You could stop them using 'cd', but then the user could not navigate
> > around their own home directory structure.
>
> It wouldn't, you'd need to use a chroot jail I think. And the trouble
> with a jail is that you can't use anything much outside it at all, for
> example /usr/bin stuff - or the ssh binaries.
>
> However, it depends *why* you want to restrict them to their home dirs.
>
> If it's because "I don't want them executing commands, I don't want this
> to be a shell account, I just want them to be able to scp files they
> have permission to read to and fro" then using this command will limit
> the commands they can run to ssh alone, and standard permissions will
> bar them from files they aren't meant to read.
>
> If it's a "I seriously do not trust them, and I want to lock them down
> so tight they can barely move" then chroot is more like an answer.
>
> -Mary
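
An added example, not part of the original post or the quoted reply: a POSIX shell check for the permission layout the message asks for (account names not listable, other homes closed, a shared pub directory that everyone can read but only an uploader group can write). The directory arguments and the finding labels are assumptions made for illustration, and it needs GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the layout the post asks
# for: home directories nobody else can list, plus a shared pub directory.
# Paths are passed as arguments (assumptions); needs GNU stat (stat -c).

# Print the permission bits of PATH as four octal digits, e.g. 0711.
mode_of() { printf '%04d' "$(stat -c '%a' "$1")"; }

# audit_layout HOME_PARENT PUB_DIR
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_layout() {
    home_parent=$1 pub=$2 bad=0

    # Read permission for "other" on the parent lets any user list the
    # account names in it. Execute-only (e.g. 0711) still allows each
    # user to reach their own home.
    m=$(mode_of "$home_parent"); o=${m#???}
    if [ $((o & 4)) -ne 0 ]; then
        echo "LISTABLE $home_parent ($m): other users can see account names"; bad=1
    fi

    # Each home must grant nothing to group or other (mode ends in 00).
    for d in "$home_parent"/*/; do
        [ -d "$d" ] || continue
        m=$(mode_of "$d")
        case $m in
            *00) ;;
            *) echo "OPEN_HOME $d ($m): readable beyond its owner"; bad=1 ;;
        esac
    done

    # pub: everyone may read and enter, only the uploader group may write.
    m=$(mode_of "$pub"); o=${m#???}; g=${m#??}; g=${g%?}
    [ $((o & 5)) -eq 5 ] || { echo "PUB_UNREADABLE $pub ($m)"; bad=1; }
    [ $((o & 2)) -eq 0 ] || { echo "PUB_WORLD_WRITABLE $pub ($m)"; bad=1; }
    [ $((g & 2)) -ne 0 ] || { echo "PUB_NO_UPLOAD_GROUP_WRITE $pub ($m)"; bad=1; }

    return "$bad"
}
```

Run it as `audit_layout /home /pub` after creating accounts; the check only reads modes and changes nothing.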