roland wrote:
> On Thu, 12 Aug 2010 15:31:04 +0200, Tim <ignored_mailbox@xxxxxxxxxxxx>
> wrote:
>
>> On Thu, 2010-08-12 at 14:40 +0200, roland wrote:
>>> I would like to give someone a login on my server.
>>> But, I would like to limit access to his home dir.
>>>
>>> With Nautilus, Konqueror or from distance with p.e. Winscp, this
>>> person could see what he wants and do maybe the unexpected.
>> Unless you get slack with permissions, they can't read files owned by
>> someone else unless those files have read permission for "other" users.
>> Likewise, regarding writing to them. No ordinary user can change system
>> or application files, only their own files.
>>
>> And, as far as restricting them, that may depend on what you mean by
>> logon to your system. You're sharing out a drive, directories, or
>> actually allowing a direct logon where they can run things.
>>
> Someone who will install a website on the server. So I thought to give him
> a login and config apache to read the dir in his home dir.
> He has to upload the files for this site. So I want him to see only his
> home dir.
>
> So actually he will not run something, just install.
>

Complex solutions (require building an environment):
- chroot setup
- virtual machine

Other solutions:
- sftp
- rsync (possibly with relative option)

Note that ssh should be used, with a private key and entry in
authorized_keys. This has two benefits, one being that he doesn't have
(or need) the password, and the authorized_keys file can restrict him to
executing one and only one command or sequence of commands. This
eliminates the need for an interactive login, always nice.

I would think about letting him provide CGI, that kind of bypasses all
the protections unless you run him full time in a VM.

Just my thought on it.

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
  the machinations of the wicked."
  - from Slashdot
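
Added example (not part of the original message or of any project's code): a small Python check for the authorized_keys restriction described in the reply above. It parses the options field of each key line and reports keys that have no forced command or that still allow a pty or forwarding; the sample keys, the /usr/local/bin/site-upload path and the function names are constructed for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")   # line starts with a key type: no options
FEATURES = ("pty", "port-forwarding", "agent-forwarding", "x11-forwarding")

def split_options(line):
    """Split one authorized_keys line into (options, key-and-comment)."""
    if KEY_TYPE.match(line):
        return [], line
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':       # escaped quote inside a value
            cur, i = cur + '\\"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == ",":               # option separator
            opts.append(cur)
            cur, i = "", i + 1
            continue
        elif not quoted and ch in " \t":             # end of the options field
            break
        cur, i = cur + ch, i + 1
    opts.append(cur)
    return opts, line[i:].strip()

def audit(line):
    """Reasons this key still permits more than one fixed command."""
    opts, _ = split_options(line.strip())
    names = {o.split("=", 1)[0].lower() for o in opts}
    problems = [] if "command" in names else ["no forced command"]
    for feat in FEATURES:
        off = "restrict" in names or "no-" + feat in names
        # Conservative: an explicit enable (e.g. "restrict,pty") counts as allowed.
        if feat in names or not off:
            problems.append(feat + " allowed")
    return problems

def audit_file(text):
    """Map line number -> problems for every key line."""
    return {n: audit(l) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")}

# Constructed sample: placeholder key blobs, hypothetical upload script path.
SAMPLE = r'''# authorized_keys for the upload account
command="internal-sftp",restrict ssh-ed25519 AAAAC3CONSTRUCTED1 ok@example
command="/usr/local/bin/site-upload \"a, b\"",no-pty ssh-rsa AAAAB3CONSTRUCTED2 partial@example
ssh-ed25519 AAAAC3CONSTRUCTED3 shell@example
restrict,pty,command="internal-sftp" ssh-ed25519 AAAAC3CONSTRUCTED4 pty@example
'''

if __name__ == "__main__":
    for n, problems in audit_file(SAMPLE).items():
        print(n, problems or "restricted to its forced command")
```

An empty list for a line means the key is tied to its forced command with no pty or forwarding; the "restrict" option requires OpenSSH 7.2 or later.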