Hello,

I run a development server for our company (SFTP, web, php
developments, mailing lists).

-gentoo-hardened (grsecurity)
-ldap database for user authentication
-apache2+suphp

I personally prefer Ldap over mysql because of its optimized
performance and scalability. Ldap is stable enough, and it's much
more secure than mysql (using TLS for connections, you can set ACLs).
You can store virtually anything related to users without bothering
with database schemas - quotas, email accounts, database
configurations, apache configuration and so on... Ldap is faster too
because of the binary database backend it uses. And many more tools
support Ldap, so you can use one password for sftp, one password for
apache htaccess, ... easier than with mysql.

With grsecurity/rsbac/rbac you can limit any aspect of clients
(restrict client socket connections, /tmp usage, log audit events).
Use chroot if you want to separate users strongly from each other.

With the use of SUPhp your customers can run their scripts with their
privilege level. (So no world-writable files are required, and the
privileges of PHP are in your hands; customize it per customer.)

Some things to consider:
-FTP is insecure, because it sends the password in plaintext.
-SFTP is better, but it uses more CPU. Set rssh as the shell, and customize
pam. I think you don't want to give them full shell access.
-If LDAP is down, your whole hosting system becomes unusable. The
same thing is true with mysql, so it's not a big problem.


yours,
Adam

On 4/15/07, Michael <mycroes@××××××.nl> wrote:
> Hello all,
>
> I'm currently working on a hardened install for a web/mail-server.
> Clients need to be able to upload their site content, either by ftp or
> sftp... As I see it now, there are three options for user management:
> 1. Add real users to the system
> 2. Add virtual users to a mysql db, use one user for files and let
> programs use the database
> 3. Use pam-mysql or nss-mysql to have the users in a database
>
> Personally I'd prefer using a database because of the management, but
> I'm not considering security at all in this preference. I bet some of
> you ran into the same problem and took one of the approaches I mentioned
> above.
>
> Because clients are using php too I don't know if it's advisable to use
> one user on the system and virtual users for ftp/sftp access. Next to
> that it would be nice to have decent quota support, so in that case I
> guess point 2 won't work...
>
> Anyway, I hope someone who used one of these methods on a production
> server can tell some more about what's the best way to solve this
> problem and why it's the best way.
> Greetings,
>
> Michael
>
> --
> gentoo-hardened@g.o mailing list
>
>
--
gentoo-hardened@g.o mailing list
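The TLS and ACL points in Adam's reply, as an added example that is not from the thread: an OpenLDAP slapd.conf fragment that requires TLS for every bind and shows a weak ACL beside the corrected one. The suffix dc=example,dc=com, the manager DN and the certificate paths are assumptions.

```conf
# Added example, not from the mailing-list thread. Assumed placeholders:
# suffix dc=example,dc=com, manager DN cn=admin,dc=example,dc=com,
# certificate paths under /etc/openldap/ssl/.

# Server certificate, key and CA used for TLS/STARTTLS.
TLSCACertificateFile    /etc/openldap/ssl/ca.crt
TLSCertificateFile      /etc/openldap/ssl/slapd.crt
TLSCertificateKeyFile   /etc/openldap/ssl/slapd.key

# Refuse any operation (including simple binds from pam_ldap, apache,
# the sftp server) unless the connection has a security strength factor
# of at least 128, i.e. it is protected by TLS. Raise localSSF if you
# also serve ldapi:// sockets, which otherwise fall below this value.
security ssf=128

# Weak setting, shown for contrast: any authenticated user can read (and
# modify) every attribute of every entry, password hashes included.
#access to *
#    by users write

# Corrected ACLs. Order matters: slapd stops at the first matching clause,
# so the userPassword rule must precede the catch-all below.
# A user may change only their own password; anonymous clients may use
# it to authenticate but never read it; nobody else sees it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else (quota, mail, per-customer apache data stored in the
# directory): the manager account writes, the user reads their own entry,
# the service daemons (bound as directory users) read, anonymous sees nothing.
access to *
    by dn.exact="cn=admin,dc=example,dc=com" write
    by self read
    by users read
    by anonymous none
```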