DaemonForums  

#1 steamrent, 19th December 2011
Is OpenBSD secure by default from ssh users?

Say for instance I create a new user on a default install of OpenBSD, and the home directory for this user being /home/user/.

If the user ssh's in, how much restricted access does he have outside of his own home directory? Is there anything sensitive such as files with information I may not want this user viewing or altering? Is there a way I can restrict this user to viewing/modifying his own home directory only, and not being able to view/modify anything outside of it?

#2 ocicat, 19th December 2011

Quote, originally posted by steamrent:
If the user ssh's in, how much restricted access does he have outside of his own home directory? Is there anything sensitive such as files with information I may not want this user viewing or altering?
It appears you are confusing the role of SSH & the shell that users utilize. If your goal is to restrict what directories users can move into, you may want to look at the -r switch to ksh(1).

#3 jggimi, 19th December 2011

One can also chroot individual users or groups of users, though this is almost only used with sftp-only users who are just using the account to upload/download files, and who do not need any shell access.

Any shell users who are chrooted would require complete virtual filesystem environments, including their own /dev, /bin, /usr/bin, /usr/local/bin, /usr/lib, /usr/local/lib ... and probably a few more file structures I've forgotten.

If you want to keep users' private information private, it is much simpler to restrict their $HOME directories to their own use, or restrict to a group use if managing groups of users who share information.
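
To check the last suggestion in the thread (home directories restricted to their owner, or to a group), here is an added example that is not part of any post above: a POSIX shell function that lists directories under a base path whose mode grants access to group or other. The names `audit_homes` and `any_perm` and the single-base-directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report home directories that are
# reachable by anyone other than their owner.
# Assumptions: the names audit_homes/any_perm are illustrative; homes sit
# directly under one base directory such as /home.

# any_perm DIR BIT...: succeed if DIR's mode has at least one of the
# given octal permission bits set. find -prune tests DIR itself only.
any_perm() {
    dir=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$dir" -prune -perm "-$bit")" ] && return 0
    done
    return 1
}

# audit_homes BASE: print "other PATH" when PATH grants any r/w/x bit to
# everyone, else "group PATH" when it grants any bit to its group.
# Owner-only directories (e.g. mode 700) produce no output.
audit_homes() {
    for d in "${1%/}"/*; do
        # Skip non-directories and symlinks (a symlinked home would be
        # judged by its target's mode, which may live elsewhere).
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        if any_perm "$d" 004 002 001; then
            echo "other $d"
        elif any_perm "$d" 040 020 010; then
            echo "group $d"
        fi
    done
}

# Run as: sh audit_homes.sh /home
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

A directory reported as `other` can be tightened with `chmod 700`; a `group` line is expected where a home is deliberately shared with a group and only needs review otherwise.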