Hi!
Thanks for the answer again.
On Fri, 22 Oct 2004 13:58:09 -0400, suse@rio.vg
Hugo wrote:
Again, I'm worried about how such a shell would work when the user logs in from the console (at home)? Or do I have to set up 2 accounts for each? That would really make a mess of the file permissions...?
Well, if you trust the user to be able to log in to the console, why not trust them when they sftp in? Given console access, I can own over 90%
Because, they access the computer from a computer and environment that is not possibly secure of course. For instance, open SFTP from work place. Suddenly the boss asks you to hand out some papers... you go look for them... ah did I close the SFTP? I happen to be one of the guys that think security policies are not much more than means to transfer the blame on somebody else. If there is a way to make the system secure, it should be made so... not write guidelines about it.
of the systems out there in minutes. Knoppix is the ultimate skeleton key.
To get to the console, you'd have to come to my home. To get SFTP connection, you do not. How much time would it take you to own a system with SSH/SCP/SFTP access with default SuSE 9.1 permissions? That's what I'm more concerned about.
Most hosting companies and whatnot do not have actual Unix accounts for their users. It's the best security of all: no user account, no login. We just give them FTP or access their files via an ssl website. Much more secure for all.
Well, at a company I used to work for, we gave SCP/SFTP access to our clients to transfer data to us. Yes, results were given back sometimes through SSL. You suggest FTP! None of our clients would have done that!
That said, for some instances, I've used scponly to keep them in their place, but still allow secure file access. scponly is great. No worries about patching existing services.
I'm looking into it. It sure looks like the best alternative.
I guess Linux isn't that safe an operating system after all... one really needs to know and be active (=spend lots of time to get the basic stuff working) to get it safe. Or buy the stuff from SSH.
Remember, just because the user can browse the filesystem through sftp, doesn't mean they can access anything they don't have permission to. Sftp doesn't give them access to anything they couldn't already access by logging in. The user sees the same access regardless of whether they login or sftp in. This isn't a flaw, but actually DESIRABLE in 99% of the cases.
I beg to differ. I think it is desirable only for admin-type of users and geeks that want to know everything about everything. In our current organization we have one linux partition mapped directly as windows samba share. There are all the same stuff, like libs and binaries that we analysts need while working in Linux, and it really confuses the sales people for instance. They are sometimes even afraid to use it as it is packed with stuff they do not know. They would not want to see the same things there even though they have scp/sftp access to it also (and there they need all that stuff for it to work) ... but that's work, I'm trying to set this up at home and make a better job out of it - as you can tell, I'm not a sysadmin. :-)
If you give a user an account, you are trusting that user with the public areas of that server. That means they'll be able to see most of the system files, but not write to them. That also usually means they can't view other people's home directories, and it definitely means
Ah, but for instance in SuSE 9.1 default configuration they can see other users' home dirs! And as I'm quite new to administering linux, I do not know what other things they can see and should not be able to see!
they're not going to be seeing the inside of the file where the passwords are stored.
Ah, one of those things that I really do not know... as I suspect that somehow they need to be available for the initial authentication.
Unlike windows, Linux is designed to be secure even to people who access the general filesystem. It also allows you to tailor your system to create directories where certain groups of people have access, but not
This all applies to windows too, if you haven't noticed. I do not want any win vs. linux here, but I must say that at least the default in windows is that the users can not view other users' home dirs.
others. Also, there is a HUGE difference in Linux in the area of read vs. write access. A normal user has read access to most things, but can only write to a very limited area.
For instance, if I was a normal user on your system, I could sftp in and go to the /etc directory and see the passwd file, but I would be completely unable to upload a new one over it.
But if you can read it, you can start cracking it, right? I still fail to see why all users should even see those places? I mean that there is no switch that would restrict remote users from even seeing them. Because then that leaves me in a position that I can not open that service at all. I know that I do not know as much about linux as the possible hackers... and as default permissions might not be the most secure, I know that I will miss something and create a hole. But I'm really looking into the scponly shell. Thanks.
--
HG
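The two questions raised in this message (does the world-readable passwd file hold anything crackable, and which home directories can other accounts look into) can be checked directly. The script below is an added example, not part of the original message: `audit_accounts`, its arguments, the finding labels and the default minimum UID of 1000 are assumptions made for illustration, and it relies on GNU `stat`.

```sh
# Added example: audit a passwd-format file and the home directories it lists.
# usage: audit_accounts PASSWD_FILE [ROOT_PREFIX] [MIN_UID]
#   ROOT_PREFIX  prepended to each home path (lets you test on a constructed tree)
#   MIN_UID      first "human" UID; 1000 is an assumed default, check /etc/login.defs
audit_accounts() (
    passwd_file=$1
    root=${2:-}
    min_uid=${3:-1000}

    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in ''|'#'*) continue ;; esac

        # Field 2 is "x" when the hash is kept in the root-only shadow file,
        # "*" or "!" when the account is locked. Anything else is a hash (or an
        # empty password) that every local user can read.
        case $pw in
            x|'*'|'!'*) ;;
            '') echo "EMPTY_PASSWORD $user" ;;
            *)  echo "HASH_IN_PASSWD $user" ;;
        esac

        # The home directory check applies to ordinary accounts only.
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        [ -d "$root$home" ] || continue

        # Last octal digit = permissions for "other". Non-zero means users
        # outside the owner and group can list or enter the directory.
        mode=$(stat -c '%a' "$root$home")
        other=${mode#"${mode%?}"}
        [ "$other" = 0 ] || echo "HOME_OPEN_TO_OTHERS $user $home $mode"
    done < "$passwd_file"
    return 0
)
```

On a live system, run `audit_accounts /etc/passwd`; a reported home directory can be closed to other accounts with `chmod 700` (or `750` if the group should keep access).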