On Tue, 24 Feb 2004, Philippe Vogel wrote:
Hello!
I want to restrict user rights but give users ssh access. The users may use ssh, scp, sftp, but should not alter the server, if someone doesn't know much about scripting and for securing the server to possible kiddies with console-account. I setup following:
/etc/security/limits.conf
@admin - @users hard priority 17 @users hard maxlogins 2 @users hard core 0 @users hard cpu 10 @users hard data 8196 @users hard fsize 8196 @users hard memlock 2048 @users hard nofile 64 @users hard nproc 8 @users hard rss 8196 @users hard stack 2048 @users hard as 16384
What setting is needed, what settings are O.K. and what makes working impossibles canot be found in the manpage.
Is there a possibility to secure the server, that users in group users cannot open socket without a kernel-patch?
Any hints?
Philippe
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
If you have concerns about your users and you have to give shell accounts, you might want to look at chrooting (jailing) their home directories. If you have *really* serious concerns and you can't avoid giving shell accounts, you might consider sealing the kernel with GRsecurity or LIDS. You may also want to consider deploying the bash restricted shell, which makes it tough for them to get out of their home dirs. -- -linux_lad public key on request