ispCP - Board - Support
opinions requested - giving users shell access vuxxxx - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: opinions requested - giving users shell access vuxxxx (/thread-7255.html)

opinions requested - giving users shell access vuxxxx - gilbert - 07-19-2009 11:32 AM

Hi,

I was wondering if I could get some opinions on what the risks are to give hosting customers shell access.

If anyone does it, are there some steps to do it in the most secure possible way?

I am strongly requesting granting ssh access via static ip.

Any thoughts would be welcome.

Thanks,
Gilbert.

RE: opinions requested - giving users shell access vuxxxx - joximu - 07-20-2009 08:37 AM

really secure would be a root-jail but then you need to configure all programms so that the user can use them.
On the other hand: what should they allowed to do on the shell? if everything, then they also can install a password cracker and try to hack the database for example.

If you just enable login via ssh (with normal bash) then they are abler to inspect the server and maybe more.

So - it's up to you, how much you can trust your customers.

/J

RE: opinions requested - giving users shell access vuxxxx - gilbert - 07-28-2009 07:51 AM

I trust this client

I would prefer to have root-jail but I guess that is too much to configure.

Thanks for your answer.


(07-20-2009 08:37 AM)joximu Wrote:  really secure would be a root-jail but then you need to configure all programms so that the user can use them.
On the other hand: what should they allowed to do on the shell? if everything, then they also can install a password cracker and try to hack the database for example.

If you just enable login via ssh (with normal bash) then they are abler to inspect the server and maybe more.

So - it's up to you, how much you can trust your customers.

/J


RE: opinions requested - giving users shell access vuxxxx - joximu - 07-28-2009 05:45 PM

you can edit /etc/passwd - just put the right shell there (/bin/bash or /bin/my-root-jail instead of /bin/false). Then they can login. Passwd is the same as they got for login into ispcp. Username = first field in line (vu2001, vu2002 etc).

/J

RE: opinions requested - giving users shell access vuxxxx - kilburn - 07-29-2009 11:15 AM

Quote:Passwd is the same as they got for login into ispcp.
AFAIK ispcp creates the users without password, so you'll have to assign one for them manually (just run "passwd vuXXXX").

RE: opinions requested - giving users shell access vuxxxx - joximu - 07-29-2009 07:48 PM

(07-29-2009 11:15 AM)kilburn Wrote:  
Quote:Passwd is the same as they got for login into ispcp.
AFAIK ispcp creates the users without password, so you'll have to assign one for them manually (just run "passwd vuXXXX").

you're right.
sorry.

/J