[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Secure setup
From: |
Johnix |
Subject: |
Re: [Duplicity-talk] Secure setup |
Date: |
Sun, 19 Dec 2004 14:36:59 +0100 |
User-agent: |
Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux) |
Mathias de Riese <address@hidden> writes:
C> Thomas Tempé (Johnix) wrote:
>
>>Should I set up a chrooted sshd on a non-standard port, with a
>>different /etc/passwd?
>>
>>Should I create an account and mess with Pam so that the given user
>>cannot do anything else than use SCP?
>>
>>
> I did something similar, but not with PAM: I set up a user with a special
> script as shell.
Not something I'd trust.
There are ways to gain a user's privileges without running his shell,
eg by using his mailbox, or an FTP account, or a web or Samba server
with $HOME access, or God knows what else.
Have fun,
--
Thomas Tempé
http://www.alysse.org/tom
pgpvtONvU1vv0.pgp
Description: PGP signature