
Re: [cobalt-users] WinSCP on a RAQ4



Joern Weber wrote:

> If I log in with the username and password of a "normal" siteadmin
> I can have access to all other domains on that server and I can
> go "down" to the root directory with winscp. Well, I can't delete
> anything but I can see most dirs and copy their content.

That's true, because SCP uses the SSH protocol, which allows it to read
everything on the server that's world readable, just as if s/he had
logged in using SSH.  It's also true that everyone with SCP access can
also log in using SSH.

> That does not happen if I use WS_FTP.

That's true, because WS_FTP arbitrarily limits it based on a setting in
its config file.  SCP has no such ability to limit.

> I will recommend the use of WinSCP to all our clients, but I don't
> want them to "sniffer" in all other directories.

You may not want to do that.  It's entirely up to you.  Most webhosting
companies don't encourage their clients to use SCP for precisely that
reason.

> Is there a way to restrict access only to that virtual domain for that user?

Having thought about this for a while, I think there is.  How easy it
would be to implement on a RaQ, I'm not sure.

There's got to be a way to set up a shell (SCP users need a "real" shell)
for chroot.

The disadvantage is you'd have to have copies of all the programs they
need in their own path.  If you've got 300 users, then, you'd need 300
copies of whatever programs they need (probably programs such as ls, cd,
etc.).

Anyone done this?

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: http://www.nobaloney.net/contactus.html
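
As an added example (not part of the original post or of any Cobalt tooling): a sketch of what populating one user's chroot jail involves, copying each program together with the shared libraries `ldd` reports for it. The function names, the script name and the jail path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: copy a program and its shared libraries into a chroot jail.
# Function names and the jail layout are assumptions made for illustration.

# List absolute paths of the libraries a dynamically linked binary needs.
# ldd can execute code from the file it inspects: use it on trusted
# system binaries only.
jail_deps() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }  # libc.so.6 => /lib/libc.so.6 (0x..)
        $1 ~ /^\//               { print $1 }  # /lib64/ld-linux-x86-64.so.2 (0x..)
    ' | sort -u
}

# Copy one file into the jail under the same absolute path it has on the
# host, following symlinks so the jail holds real files, not dangling links.
jail_copy() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp -L "$src" "$jail$src"
}

# Install a program plus everything it links against; print each file added.
# Library paths are assumed not to contain whitespace.
jail_install() {
    jail=$1 prog=$2
    [ -x "$prog" ] || { echo "not executable: $prog" >&2; return 1; }
    for f in "$prog" $(jail_deps "$prog"); do
        jail_copy "$jail" "$f" && echo "$f"
    done
}

# Hypothetical usage: sh mkjail.sh /home/jails/user1 /bin/ls /bin/cat
if [ "$#" -ge 2 ]; then
    target=$1
    shift
    for p in "$@"; do
        jail_install "$target" "$p"
    done
fi
```

Running this once per user shows the cost described above: every jail receives its own copy of each binary and library.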