![]() ![]() Use things designed for security, like the things below, to provide security). profile is that it's for convenience, not security, so it's not intended to restrict the user. profile to restrict users, as that's not what it's for (Edit: As Aleksi mentions in his answer, it is in fact trivial to bypass. The only way to stop them from doing this is to actually restrict their access. Ssh shell access download#This was such a simple thing to do when using a telnet/FTP combination, but now that I want to give the users access from anywhere on the internet, I haven't been able to find a way to shut them out of SFTP, while still allowing them access to the shell where they can run the app.Īs others have mentioned, disabling sftp isn't anywhere near sufficient - a user with unrestricted ssh access can view any file that their account has permissions to view, can modify anything they have permission to modify, and can easily download anything they can read to their own machine. Now here's the problem: If I give the users SSH access, they will also be able to log in using an SFTP client, which will give them direct access to the data directories for the app, which is VERY undesirable, since that will also give them access to the data directories to which they should not have access. Users are granted access to only the clients that they will need access to. Upon startup, the app presents the user with a list of clients that can be accessed through the app, with each client having their own data directory. I only want them to be able to access this console app through the interface provided by it. profile, there is a startup command for the app, and directly after the command that starts it up, there's an "exit" command, which logs them out of the system. ![]() I have a console app, and in each user's. ![]() However, here's the scenario, and what makes it necessary: I've searched for a viable answer to this question, and most of the answers include advice on why to not do it. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |