On 2006-02-08 17:35:12 +0100, Christian Boltz wrote:
I guess the better answer would be "scponly" or "rssh" which I already added to productivity wishlist some time ago.
did you ever look at the code of both? both had recently the same type of security hole. atm i say thanks no. JFYI i did the scponly package once but atm i wouldnt put it on a product.
Of course there's nothing wrong with additional protection using AppArmor, but AFAIK AppArmor can't restrict (chroot) a customer to his webspace as FTP (unencrypted, I know), scponly or rssh can do.
$ rpm -ql pam-modules | grep chroot /etc/security/chroot.conf /lib/security/pam_chroot.so /usr/share/doc/packages/pam/modules/README.pam_chroot-0.6 hope this helps darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org