[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] telnet/ssh
- Subject: [cobalt-users] telnet/ssh
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Sun Jan 21 16:14:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Ooookay, next question!
I've got a user who has telnet access who's been cruising all around the
server reading stuff. I don't think this user means any harm; he's just more
familiar with *nix than I am and is looking to see how things are set up on
the Cobalt and what stuff I have tweaked to my liking.
However, I don't want him to be able to just cruise into another user's
directory and, for example, read that person's config.php file to access
their mysql database.
I've been digging in the archives and found this:
http://www.aarongifford.com/computers/chrsh.html
"A chroot jail wrapper for ordinary Unix shells"
I read this and blink repeatedly with a dumbfounded look on my face.
Also, I've seen a lot posted about SSH - but I have no idea if this will do
what I'm hoping it will?
And I've seen a *lot* of posts where trying to install the ssh pkg from the
cobalt download site has broken things left and right. *shivers*
I've also found something called a 'restricted shell':
http://www.gnu.org/manual/bash/html_node/bashref_65.html
But I have no idea how to get Bash to start up automatically with the
restricted option. Would I have to recompile something?
What would be ideal would be to turn off telnet access for the users that
have it now (except for me) and then give them some other way to run command
line stuff that is in their directory (like checking to see where a cgi file
is exiting and why). When I had a site with communitech.net there was a
feature like this; and on one of my free websites at Hypermart.Net they've
got a page where you can type in a command on a web page and it will return
what would normally be returned through a telnet prompt. That would work
too.
Any ideas?
Carrie