On Mon, Mar 24, 2003 at 11:19:42AM -0500, Jeremy Warren wrote:
> Sorry for the lack of detail...
>
> Basically,
>
> It's a 3rd party java based application, numerous configuration files, etc,
> which are dynamically updated via the application itself.  Lots of log
> files, etc.  The users access it via a web page front end, but our
> developers are asking to get "beneath the covers" while it's running.
>
> Right now I am using a restricted ftpd where then can only do "gets" from
> various directories.  That way they can pull the files back that they need
> to look at for debugging, monitoring, etc.  The developers are complaining
> that what they really need is "telnet/ssh" access so that they can get in
> and look at the filesystem as a whole.  I realize that they "should" be
> able to do this all via FTP, but I have been told to come up with a
> solution to make this work for them.

ftp is bad to begin with, as it has trivial plain-text authentication,
like telnet and pop3. It is no use limiting their access to the system
to restricted "guest accounts": whoever has access to those accounts
(possibly by sniffing) is able to write the configuration files of this
complex java app.

The developers want shell access. Shell access is considered problematic
because a user with a shell account is in a better position to harm the
system. However a system generally needs users in order to get something
done (sysadmins are also known to be the causes of some incidents to
systems from time to time ;-) ).

So the first question is: what do they need shell access for? Do they
need full shell access?

* What do they need to run? Is it something from a certain set of
  commands? If so: take a look at rbash, pdmenu, and similar.
>
> So I guess a better way to word it would be that I am looking for a way to
> grant them read-only access to the filesystems on the host.  But Linux
> Owner/Group/World Permissions won't work since I can't really muck with
> them since they are set by the vendor.  They have certain areas which are
> validly world writeable, but where an accidental key stroke could wreak
> havoc on the app, so I need to guarantee read only to those areas.  ( I
> sure do miss RACF at times )

A standard unix shell account gives "read-only" access to the system,
except to the home directory, /tmp and a number of other places.
Generally a shell user is not supposed to be able to harm the system in
any way (though defending the system against denial-of-service from
local shell users, fork bombs and friends, takes some extra settings).
Any such method is a security hole that should yield a security-fix of a
locally-exploitable security hole.

Note that I wrote "is not supposed to" and not "is not". You are keeping
your systems up-to-date, right?

>
> I like the idea of another image which mounts all the filesystems RO, but I
> need to investigate it further and try some experiments.  I have also found
> a couple of interesting discussions by searching on kiosk and restricted
> shell which Tzafrir Cohen recommended, but I still need to do some digging.

Mounting the system read-only may work. But remember that some actual
work has to be done on this system. That is: those developers need to
actually change config files.

--
Tzafrir Cohen                       +---------------------------+
http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend|
mailto:[EMAIL PROTECTED]       +---------------------------+
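As an added illustration of the rbash suggestion above (example code, not part of the thread or of any tool mentioned in it): a wrapper that gives a developer a restricted bash whose PATH points only at a directory of whitelisted read-only tools. In restricted mode bash refuses cd, PATH changes, output redirection and command names containing a slash, so the user can look at the vendor's files but not write them. The whitelist, the helper names and the sample app directory are all assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): a restricted-shell wrapper in the spirit
# of rbash. Developers get a shell whose PATH holds only whitelisted, read-only
# tools; bash -r then blocks cd, PATH changes, output redirection and slashes
# in command names.

# Commands the developers may run (assumed whitelist). Nothing here can write
# files or spawn a shell: no editors, no less/more with their '!' escape,
# no find with -exec/-delete.
ALLOWED_CMDS="ls cat head tail grep wc"

# Populate $1 with symlinks to the allowed commands, resolved from the
# administrator's PATH, so the restricted PATH contains nothing else.
build_restricted_bin() {
    bindir=$1
    mkdir -p "$bindir"
    for c in $ALLOWED_CMDS; do
        src=$(command -v "$c") || continue   # skip tools missing on this host
        ln -sf "$src" "$bindir/$c"
    done
}

# Run one command line as the restricted user would: empty environment, PATH
# fixed to the whitelist directory, bash in restricted mode. Returns the
# command's exit status (non-zero when bash refuses it).
restricted_run() {
    bindir=$1
    cmd=$2
    bash_bin=$(command -v bash) || return 127
    env -i PATH="$bindir" HOME="${HOME:-/}" SHELL="$bash_bin" \
        "$bash_bin" -r -c "$cmd"
}

# Hypothetical directory standing in for the vendor's Java application tree,
# with a constructed config file and log line.
make_sample_app() {
    appdir=$(mktemp -d)
    echo "db.url=jdbc:postgresql://db.example/app" > "$appdir/app.conf"
    echo "2003-03-24 INFO app started" > "$appdir/app.log"
    echo "$appdir"
}

demo() {
    bindir=$(mktemp -d)
    build_restricted_bin "$bindir"
    appdir=$(make_sample_app)
    echo "# allowed: reading the app's files"
    restricted_run "$bindir" "cat $appdir/app.conf"
    restricted_run "$bindir" "tail -n 1 $appdir/app.log"
    echo "# refused (bash prints a 'restricted' error for each):"
    restricted_run "$bindir" "cd $appdir"
    restricted_run "$bindir" "echo oops > $appdir/app.conf"
    restricted_run "$bindir" "/bin/sh"
    rm -rf "$bindir" "$appdir"
}

demo
```

The whitelist is the weak point of any such setup: one program with a shell escape or a write option (an editor, less, find -exec) undoes the restriction, so review each tool before adding it. The fork-bomb concern raised above is handled separately, with per-user process limits (e.g. nproc in /etc/security/limits.conf), not by the restricted shell.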
