secure shell system

Stuart Jansen sjansen at
Sun Apr 18 17:55:05 MDT 2010

On Sun, 2010-04-18 at 12:24 -0600, Christer Edwards wrote:
> I've been doing some research recently on securing and limiting shell
> access to a server. I thought I would pose the question here.
> Hopefully we'll all get something beneficial out of the discussion,
> and it'll give us a break from name calling on the Net Neutrality
> thread. :P

So, what, you want free consulting? We should just give you our valuable
intellectual property? Marxist!

> What operating system / distribution would you use? Why?

Linux. Duh. It runs on everything, it's highly configurable, and I know
it well. Marxist.

> What would you use to ensure privacy between users (home folders,
> personal files, etc)

If standard unix permissions and FACLs aren't enough, I would use PAM
and/or SELinux. For example, check out Fedora's xguest. We're using
something inspired by it to allow customers to run a graphical app
remotely in a very locked down but useful environment. Marxist.

> What would you use to ensure users don't use too many resources (cpu,
> memory, disk space, etc)

Oh, you know, pam_limit, quotas, cgroups, the usual. Marxist.

> What would your partitioning scheme look like? Why?

/     - Everybody loves root
/tmp  - Tighter mount options
/home - Quotas
Maybe more.

> What other security/privacy/resource utilities would you implement on
> your system?

Network bandwidth. Storage bandwidth. Marxist.

"XML is like violence: if it doesn't solve your problem, you aren't
using enough of it." - Chris Maden
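
Added example, not part of the original message: a small audit of the partition layout listed in the reply (separate `/tmp` with tighter mount options, separate `/home` with quotas), run over a mount table in `/proc/mounts` format. The post does not name the options, so the policy checked here (`nodev`, `nosuid`, `noexec` on `/tmp`; `usrquota` or `usrjquota=` on `/home`) is an assumption, and both sample tables are constructed.

```shell
#!/bin/sh
# Assumed policy (the post does not spell it out):
#   /tmp  : separate filesystem mounted nodev,nosuid,noexec
#   /home : separate filesystem with a user quota option

# Reads a mount table on stdin, prints one finding per line,
# and returns status 1 if there is at least one finding.
audit_mounts() {
    awk '
        function has(o, name) { return index("," o ",", "," name ",") > 0 }
        { mopts[$2] = $4 }              # last entry per mount point wins
        END {
            bad = 0
            if (!("/tmp" in mopts)) { print "/tmp: not a separate filesystem"; bad++ }
            else {
                n = split("nodev nosuid noexec", want, " ")
                for (i = 1; i <= n; i++)
                    if (!has(mopts["/tmp"], want[i])) { print "/tmp: missing " want[i]; bad++ }
            }
            if (!("/home" in mopts)) { print "/home: not a separate filesystem"; bad++ }
            else if (!has(mopts["/home"], "usrquota") && mopts["/home"] !~ /(^|,)usrjquota=/) {
                print "/home: no user quota option"; bad++
            }
            exit (bad > 0)
        }'
}

# Constructed sample: /tmp and /home exist but are mounted loosely.
sample_weak() { cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /tmp ext4 rw,nosuid,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
EOF
}

# Constructed sample: the same layout with the assumed policy applied.
sample_tight() { cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /home ext4 rw,nodev,relatime,usrquota 0 0
EOF
}

echo "weak layout:";  sample_weak  | audit_mounts || true
echo "tight layout:"; sample_tight | audit_mounts && echo "no findings"
```

To check a running system instead of the samples, use `audit_mounts < /proc/mounts`.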
