On 13/05/13 10:04, Chris Davies wrote:
> The Natural Philosopher <t...@invalid.invalid> wrote:
>> Looking to allow users limited access to restricted areas to upload
>> web sites etc..
>> I would prefer it if these users
>> - only had ftp access.
>> - shared a common LINUX user id
>> - all belonged to www-data.
>> - had a separate password file.
>> - ended up in the root of their webservers using FTP.
> Me, I'd seriously consider sftp rather than ftp. There are plenty of
> sftp-capable packages available; I'd recommend WinSCP for Windows,
> for example.
>
> If you really want to provide ftp, then I'd reluctantly recommend
> vsftp. I'm pretty sure it satisfies everything on your shopping list.
OK, I'd looked at that but wondered if there was anything better.
>
>> and finally, if code like PHP was enabled for them, is there anyway to
>> stop them using that to access other parts of the machine outside a
>> chroot jail?
> If you've allowed PHP then you've allowed access to anything.
There seems to be an Apache-level config for PHP (open_basedir) which
stops PHP accessing anything from Apache webserver X outside of what's
specified in X's config file. I'll research that further. Happy to
provide e.g. MySQL access via local socket; not happy to be able to
file_get_contents() any file on the whole server :-)
> (Even if
> you don't install something, it becomes pretty easy to upload it.) So
> you need to be absolutely sure your chroot jail is sufficient to restrict
> your users.
Well, it's the right balance: you can't upload PHP add-ons that are compiled
modules, for example.
Nor can you mess with Apache server settings and (some) PHP init-file
conditions either.
> Have you considered compute and memory resource management so as to
> limit the collateral damage that a runaway process can trigger?
Not yet, but I will, since you have said it. One thing I have considered is
having a separate way to access the server other than the stock internal
port, so that a flooded network won't block admin access. It seems to me
that a hosted virtual server whose console is via a different route
entirely might be handy there, so that at some level you can stop the
server process and look at the logs if it goes tits up.
> Chris
>
Chris, many thanks. I looked at vsftp and wondered if it was the
generally recognised 'as good as it gets without encrypting' sort. I
am not actually bothered if noddy users get their passwords stolen by
wifi-ing them on insecure channels. I am concerned if the same
username/password combo allows them access to parts of the machine they
ain't paid for, or parts of the machine their privilege level does not
imply. So I am looking to find the right cost/benefit compromise that
gives them most of what they want with the least risk.
The idea is to provide my users, potential and actual, with as much
freedom as they can handle, knowing that they are a lazy, security-unminded
bunch of total idiots who will break anything that can be broken, and
whose websites may well be attacked by people who don't like them, or by
people doing it just because they are there. I want to prototype a
system on a virtual server I have first to test it all out... and see if
I can break its security, or stress its network to effective saturation
and still get in and stop it.
To date I've been sticking people's websites up for them, so that's fine.
To allow them enough freedom to stick their own up involves opening the
can of worms you have completely understood :-)
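As an added example (not part of the thread, and not the vsftpd or Apache projects' own code), the script below provisions the setup the shopping list describes with vsftpd's virtual-user mode, and pairs it with the open_basedir vhost setting discussed above: FTP logins are checked against a separate password file, every login maps onto one shared Linux account whose primary group is www-data, and each tenant is chrooted into its own web root, which is also the only directory PHP in that vhost may open. It assumes Debian-style paths, vsftpd 3.x (for allow_writeable_chroot), libpam-pwdfile, and Apache 2.4 with mod_php; the names ftpguest, /srv/www, vsftpd.virtual and /etc/vsftpd/passwd are illustrative choices. Two caveats a practitioner would want: open_basedir only constrains PHP's own filesystem functions, so a shell spawned through exec()/system()/proc_open() is not confined by it (those are switched off with disable_functions, which PHP accepts only in php.ini, not in httpd.conf), and open_basedir is a mitigation rather than a hard boundary, so the unprivileged shared uid and the chroot are what actually limit the damage.

```shell
#!/bin/sh
# Added example, not code from the thread or from the vsftpd/Apache projects.
# Provisions one hosted site that tenants reach over FTP as vsftpd "virtual
# users" (separate password file, one shared Linux uid, group www-data,
# chrooted into their own web root) and that Apache serves with PHP confined
# by open_basedir.  Assumed: Debian-style paths, vsftpd 3.x (for
# allow_writeable_chroot), libpam-pwdfile, Apache 2.4 with mod_php.  The names
# ftpguest, /srv/www, vsftpd.virtual and /etc/vsftpd/passwd are illustrative.
set -eu

ROOT="${ROOT:-}"        # optional prefix so the files can be generated for inspection
GUEST_USER="ftpguest"   # the one shared Linux account every FTP login maps onto
SITES_DIR="/srv/www"    # one sub-directory per virtual user, i.e. per site

# vsftpd.conf: virtual users authenticate through the vsftpd.virtual PAM
# service, run as GUEST_USER with that user's privileges (not root's), and
# are chrooted into SITES_DIR/<login name>.
vsftpd_conf() {
    cat <<EOF
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
guest_enable=YES
guest_username=${GUEST_USER}
virtual_use_local_privs=YES
pam_service_name=vsftpd.virtual
user_sub_token=\$USER
local_root=${SITES_DIR}/\$USER
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
EOF
}

# PAM service: check the login against an htpasswd-style file instead of
# /etc/shadow, so an FTP credential is never a system credential.
pam_conf() {
    cat <<'EOF'
auth    required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so
EOF
}

# Apache vhost: open_basedir set with php_admin_value cannot be loosened from
# .htaccess or ini_set(), so uploaded code cannot widen it; AllowOverride None
# keeps an uploaded .htaccess from changing the vhost at all.
apache_vhost() {
    site="$1"
    cat <<EOF
<VirtualHost *:80>
    ServerName ${site}
    DocumentRoot ${SITES_DIR}/${site}
    php_admin_value open_basedir "${SITES_DIR}/${site}:/tmp"
    php_admin_value upload_tmp_dir "/tmp"
    <Directory ${SITES_DIR}/${site}>
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
EOF
}

# Write the three config files (under ROOT if set).
write_configs() {
    site="$1"
    mkdir -p "${ROOT}/etc/vsftpd" "${ROOT}/etc/pam.d" "${ROOT}/etc/apache2/sites-available"
    vsftpd_conf > "${ROOT}/etc/vsftpd.conf"
    pam_conf > "${ROOT}/etc/pam.d/vsftpd.virtual"
    apache_vhost "$site" > "${ROOT}/etc/apache2/sites-available/${site}.conf"
}

# Create the shared account (primary group www-data, no shell) and the site's
# web root.  Uploads land as ftpguest:www-data with mode 644/755 (umask 022),
# so Apache can read them while the tenant can never write outside the chroot.
# Run as root on the real host; the FTP password is then added with, e.g.,
#   htpasswd -d /etc/vsftpd/passwd <site>
add_site() {
    site="$1"
    id "$GUEST_USER" >/dev/null 2>&1 ||
        useradd -r -g www-data -d "$SITES_DIR" -s /usr/sbin/nologin "$GUEST_USER"
    mkdir -p "${SITES_DIR}/${site}"
    chown "${GUEST_USER}:www-data" "${SITES_DIR}/${site}"
    chmod 755 "${SITES_DIR}/${site}"
}

if [ "${1:-}" = "install" ]; then
    write_configs "${2:?site name}"
    add_site "$2"
fi
```

Usage on the host is `sh provision.sh install site.example` as root, followed by `htpasswd -d /etc/vsftpd/passwd site.example`, `a2ensite site.example` and a restart of vsftpd and Apache. Setting ROOT to a scratch directory and calling write_configs generates the files without touching the system, which is the cheapest way to review what a tenant will and will not be able to reach before exposing the box.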