[Novalug] Root in VM, restrict outbound connections

Joshua Ellsworth jrellsworth@gmail.com
Fri Aug 15 12:21:54 EDT 2014


Sounds like a ready-made problem for chroot


On Fri, Aug 15, 2014 at 11:34 AM, John Holland via Novalug <
novalug@firemountain.net> wrote:

> Here's one way you could do this -
>
> On the machine where you are willing to host his files, create a user for
> him. Give that user some space somewhere, possibly limit its size.
> On your router/firewall, make ssh to this machine available somehow. Let
> him rsync over ssh to the storage you provided him. Get ssh keys set up so
> he can have a script that does this without requiring intervention.
>
> Maybe some of the gurus here can come up with ways to further restrict his
> (or someone who steals his credentials) potential for trouble. You could
> make sure he is limited using permissions, default shells, home dir, sudo
> etc. to secure it.
>
> Basically, a grunt user and remote ssh access shouldn't be big threats. I
> don't know that iptables or virtual machines need to be involved.
>
>
> --
> John Holland
> jholland@vin-dit.org
> gpg public key ID 0x9551CF2D
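
An added example, not part of the original thread: a POSIX shell check that audits the backup account's `authorized_keys` for the kind of restrictions discussed above (a forced command and no shell extras for the rsync-only key). The `/usr/bin/rrsync` path, the `/srv/backup/friend` directory, the key blobs and the user names are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit authorized_keys entries for an unattended rsync-over-ssh
# backup account. Paths, user names and key blobs below are constructed.

# Print "ok" or a space-separated list of missing restrictions for one entry.
audit_key_line() {
    # Options precede the key type. Simplification: the first token that looks
    # like a key type (ssh-*, ecdsa-*, sk-*) is taken as the end of the options.
    opts=$(printf '%s\n' "$1" |
        sed -E 's/(^|[[:space:]])(ssh-|ecdsa-|sk-)[^[:space:]]+[[:space:]].*$//')
    findings=""
    case ",$opts," in
        *,restrict,*) ;;   # "restrict" (OpenSSH 7.2+) disables all of the below
        *)
            for o in no-pty no-port-forwarding no-agent-forwarding no-X11-forwarding; do
                case ",$opts," in
                    *",$o,"*) ;;
                    *) findings="$findings missing:$o" ;;
                esac
            done ;;
    esac
    # Without a forced command the key holder gets the account's login shell.
    case $opts in
        *'command="'*) ;;
        *) findings="$findings missing:command" ;;
    esac
    findings=${findings# }
    printf '%s\n' "${findings:-ok}"
}

# Audit every entry in an authorized_keys stream read from stdin.
audit_keys() {
    n=0
    while IFS= read -r entry; do
        n=$((n + 1))
        case $entry in ''|'#'*) continue ;; esac
        printf 'line %s: %s\n' "$n" "$(audit_key_line "$entry")"
    done
}

# Constructed sample file: one bare key, one key locked to rrsync in one directory.
audit_keys <<'EOF'
ssh-ed25519 AAAA_CONSTRUCTED_KEY friend@laptop
restrict,command="/usr/bin/rrsync /srv/backup/friend" ssh-ed25519 AAAA_CONSTRUCTED_KEY friend@laptop
EOF
```

Option names are matched case-sensitively here, and a forced command that itself contains a key-type-like token would confuse the option split.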
