Current time: 12-24-2024, 09:17 AM Hello There, Guest! (LoginRegister)


Post Reply 
opinions requested - giving users shell access vuxxxx
Author Message
gilbert Offline
Junior Member
*

Posts: 45
Joined: May 2007
Reputation: 0
Post: #1
opinions requested - giving users shell access vuxxxx
Hi,

I was wondering if I could get some opinions on what the risks are to give hosting customers shell access.

If anyone does it, are there some steps to do it in the most secure possible way?

I am strongly requesting granting ssh access via static ip.

Any thoughts would be welcome.

Thanks,
Gilbert.
07-19-2009 11:32 AM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #2
RE: opinions requested - giving users shell access vuxxxx
really secure would be a root-jail but then you need to configure all programms so that the user can use them.
On the other hand: what should they allowed to do on the shell? if everything, then they also can install a password cracker and try to hack the database for example.

If you just enable login via ssh (with normal bash) then they are abler to inspect the server and maybe more.

So - it's up to you, how much you can trust your customers.

/J
07-20-2009 08:37 AM
Visit this user's website Find all posts by this user Quote this message in a reply
gilbert Offline
Junior Member
*

Posts: 45
Joined: May 2007
Reputation: 0
Post: #3
RE: opinions requested - giving users shell access vuxxxx
I trust this client

I would prefer to have root-jail but I guess that is too much to configure.

Thanks for your answer.


(07-20-2009 08:37 AM)joximu Wrote:  really secure would be a root-jail but then you need to configure all programms so that the user can use them.
On the other hand: what should they allowed to do on the shell? if everything, then they also can install a password cracker and try to hack the database for example.

If you just enable login via ssh (with normal bash) then they are abler to inspect the server and maybe more.

So - it's up to you, how much you can trust your customers.

/J
07-28-2009 07:51 AM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #4
RE: opinions requested - giving users shell access vuxxxx
you can edit /etc/passwd - just put the right shell there (/bin/bash or /bin/my-root-jail instead of /bin/false). Then they can login. Passwd is the same as they got for login into ispcp. Username = first field in line (vu2001, vu2002 etc).

/J
07-28-2009 05:45 PM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #5
RE: opinions requested - giving users shell access vuxxxx
Quote:Passwd is the same as they got for login into ispcp.
AFAIK ispcp creates the users without password, so you'll have to assign one for them manually (just run "passwd vuXXXX").
07-29-2009 11:15 AM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #6
RE: opinions requested - giving users shell access vuxxxx
(07-29-2009 11:15 AM)kilburn Wrote:  
Quote:Passwd is the same as they got for login into ispcp.
AFAIK ispcp creates the users without password, so you'll have to assign one for them manually (just run "passwd vuXXXX").

you're right.
sorry.

/J
07-29-2009 07:48 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: