Gentoo Archives: gentoo-hardened

From: Michael <mycroes@××××××.nl>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Managing users for clients (persons)
Date: Sun, 15 Apr 2007 00:14:11
Message-Id: 1176595930.5927.17.camel@Pundit-p1-ah2
1 Hello all,
2
3 I'm currently working on a hardened install for a web/mail-server.
4 Clients need to be able to upload their site content, either by ftp or
5 sftp... As I see it now, there are three options for user management:
6 1. Add real users to the system
7 2. Add virtual users to a mysql db, use one user for files and let
8 programs use the database
9 3. Use pam-mysql or nss-mysql to have the users in a database
10
11 Personally I'd prefer using a database because of the management, but
12 I'm not considering security at all in this preference. I bet some of
13 you ran into the same problem and took one of the approaches I mentioned
14 above.
15
16 Because clients are using php too I don't know if it's advisable to use
17 one user on the system and virtual users for ftp/sftp access. Next to
18 that it would be nice to have decent quota support, so in that case I
19 guess point 2 won't work...
20
21 Anyway, I hope someone who used one of these methods on a production
22 server can tell some more about what's the best way to solve this
23 problem and why it's the best way.
24 Greetings,
25
26 Michael
27
28 --
29 gentoo-hardened@g.o mailing list

Replies

Subject Author
Re: [gentoo-hardened] Managing users for clients (persons) Adam Lantos <hege@××××××.org>