Re: Not OFFLIST Re: TECH: info on ftp
| From: | Sai Emrys <sai@...> |
|---|
| Date: | Wednesday, August 27, 2008, 19:07 |
|---|
On Wed, Aug 27, 2008 at 5:33 AM, Mark J. Reed <markjreed@...> wrote:
> If you have ssh access you can actually execute commands on the server, in
> addition to
> reading and writing files, which is more dangerous for them.
Not necessarily - you can chroot them (i.e. restrict what they can see to a
very limited, heavily sandboxed subsystem) and set their shell to something
like /usr/bin/false or scp itself ;-)
That way, they can only do whatever you specifically allow them to do
(unless they manage to crack scp or break out of chroot, which granted has
happened but is pretty damn rare & requires serious skill).
- Sai