Does the vendor need shell access? I mean, why scp? Is it just
because the transmission is encrypted, or you want passwordless login,
or something like that? If that's all you're after, you might want to
look into pure-ftpd (my very favorite ftpd) which has a very easy
built-in chroot environment, and supports SSL/TLS.
Another reason for pure-ftpd with SSL/TLS is certain restrictions you can
apply if you want, like disallowing filenames that start with a dot and
various other controls, backup replaced files, or whip out
pure-uploadscript for some really fancy stuff. But the biggest reason
is to limit what they can do to your system.
When it comes down to it, you don't want their shell command to be
anything other than /bin/false if you can avoid it. Otherwise those
"non-remote" or "local-only" exploits become big deals. And as an
aside, try to avoid things being writable by the uid/gid of your
web-server. Your web files should not be writable to apache except
for specific cases where an application might need to update specific
files or specific directories. You could put the vendor into a group
like htmluploaders (or whatever) and chgrp -R htmluploaders
/var/www/html and chmod however you need.
But with a real shell and no chroot, you're really opening yourself
up. They could, for example, fill up /tmp and /var/tmp, run
processor/memory intensive programs or anonymous proxies, etc., which
all in all could make for a bad day depending on your configuration.
What does the vendor really require?
~ Daniel
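The layout Daniel sketches (vendor in an uploader group with no login shell, web server read-only everywhere except the directories an application genuinely needs to write) written out as a script, with an audit that catches the two usual slips: something world-writable, or a file owned by the web-server user outside the allowed directories. This is an added example, not code from the post or from pure-ftpd; the group name htmluploaders, the web user apache, the vendor account vendor and the uploads directory are assumed names to be changed for your box, and the scratch tree it checks itself against is constructed on the fly so it runs without root.

```shell
#!/bin/sh
# Added example, not code from Daniel's post or from pure-ftpd. It writes down
# the /var/www/html layout he describes (vendor in an uploader group with no
# login shell, web server read-only except in named directories) and adds an
# audit for the two usual slips: a world-writable entry, and a file owned by
# the web-server user outside the directories the app is allowed to write.
# Assumed names: group "htmluploaders", web user "apache", vendor account
# "vendor", app directory "uploads"; change them to match your system.
set -u

# The root-only provisioning steps, printed rather than run so the scratch
# self-check below works without root or those accounts existing.
show_provisioning() {
    cat <<'EOF'
groupadd htmluploaders
useradd -m -s /bin/false -G htmluploaders vendor     # no shell, only group membership
chgrp -R htmluploaders /var/www/html
find /var/www/html -type d -exec chmod 2775 {} +    # setgid: new files inherit the group
find /var/www/html -type f -exec chmod 0664 {} +    # vendor group rw, everyone else r
chown apache /var/www/html/uploads                  # the one place the app may write
EOF
}

# audit_webroot ROOT WEBUSER [ALLOWED_DIR...]
# Prints each offender and returns 1 if any were found, else 0.
audit_webroot() {
    root=$1; webuser=$2; shift 2
    rc=0

    # 1. Nothing may be world-writable: a web server that is not in the
    #    uploader group lands in "other", and so does everyone else.
    world=$(find "$root" -perm -o+w)
    [ -z "$world" ] || { printf 'world-writable:\n%s\n' "$world"; rc=1; }

    # 2. Entries owned by the web-server user are allowed only under the
    #    directories passed as ALLOWED_DIR (the app's writable areas).
    owned=$(find "$root" -user "$webuser" 2>/dev/null | while IFS= read -r p; do
        ok=0
        for a in "$@"; do
            case "$p" in "$a"|"$a"/*) ok=1 ;; esac
        done
        [ "$ok" -eq 1 ] || printf '%s\n' "$p"
    done)
    [ -z "$owned" ] || { printf 'web-user-owned outside allow list:\n%s\n' "$owned"; rc=1; }

    return $rc
}

# Constructed scratch tree (no root needed) laid out the way the scheme wants.
make_scratch_tree() {
    mkdir -p "$1/uploads" "$1/css"
    printf '<h1>hi</h1>\n' > "$1/index.html"
    printf 'body{}\n' > "$1/css/site.css"
    printf 'x\n' > "$1/uploads/note.txt"
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 0664 {} +
}

# Exercises the audit: a clean tree passes; a tree where the web user (here:
# you) owns files outside "uploads" fails; a tree with one o+w file fails.
selfcheck() {
    tmp=$(mktemp -d) || return 1
    make_scratch_tree "$tmp/html"
    me=$(id -un)
    audit_webroot "$tmp/html" nosuch_webuser_x "$tmp/html/uploads" >/dev/null || { rm -rf "$tmp"; return 1; }
    if audit_webroot "$tmp/html" "$me" "$tmp/html/uploads" >/dev/null; then rm -rf "$tmp"; return 1; fi
    chmod o+w "$tmp/html/index.html"
    if audit_webroot "$tmp/html" nosuch_webuser_x "$tmp/html/uploads" >/dev/null; then rm -rf "$tmp"; return 1; fi
    rm -rf "$tmp"
    return 0
}

selfcheck && echo "audit self-check passed"
```

On a real box you would run `audit_webroot /var/www/html apache /var/www/html/uploads` from cron after the provisioning commands; the owner check is what keeps "apache may write here" confined to the allow list, and the o+w check is what stops a well-meaning `chmod -R 777` from quietly undoing the whole scheme.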
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:26:03 EDT