Permissions on /etc and other folders

Brandon.Wamboldt · 05-04-2009, 05:14 PM

I plan on allowing certain users to have ssh access to my server. I am going to configure an ssh jail for them, but to have extra security, which directories are safe to chmod to x00?

I doubt that I can chmod /etc/ to x00, but any other directories?

Thanks

Also, what should I use to chroot a user into his/her home directory of /home/sshusers/<user>. I need them to be able to follow symlinks

unSpawn · 05-04-2009, 06:14 PM

To understand better, could you indicate what business these users have on the server? I mean is this like a regular shell hosting job, is it part of webhosting, are they developers or system admins? And what distribution+release would the machine run?

Brandon.Wamboldt · 05-04-2009, 06:24 PM

I am a web developer, and I host all of my clients. Some of them wish to have shell access for developing and testing cgi applications, and editing files securely if they don't have access to FTP.

I am running CentOS 5.3

unSpawn · 05-04-2009, 06:51 PM

Well, there's restricted shells like Rssh (http://www.cyberciti.biz/tips/rhel-c...ell.html/print), "oldschool" chrooting (http://wiki.linuxquestions.org/wiki/OpenSSH_chrooting) which requires patching OpenSSH and OpenSSH-5 acquired the "ChrootDirectory" directive in 2008 allowing you to chroot users without intervention from other software. Unfortunately that version of OpenSSH is not in 5.3 repo's I know of (I don't use EPEL, CentOSPlus or Singh's repo so do check). With a .spec from a current OpenSSH .src.rpm I think building that version would be easy or apparently recent Fedora RPM could be rebuilt in Centos.