| 1 |
Hello, |
| 2 |
|
| 3 |
I run a development server for our company (SFTP, web, php |
| 4 |
developments, mailing lists). |
| 5 |
|
| 6 |
-gentoo-hardened (grsecurity) |
| 7 |
-ldap database for user authentication |
| 8 |
-apache2+suphp |
| 9 |
|
| 10 |
I personally prefer Ldap over mysql because of its optimized |
| 11 |
performance, and scalability. Ldap is stable enough, and it's much |
| 12 |
more secure than mysql (using TLS for connections, you can set ACLs). |
| 13 |
You can store virtually anything related to users without bothering |
| 14 |
with database schemes - quotas, email accounts, database |
| 15 |
configurations, apache configuration and so on... Ldap is faster too |
| 16 |
because of the binary database backend it uses. And much more tools |
| 17 |
support Ldap, so you can use one password to sftp, one password to |
| 18 |
apache htaccess, ... easier than with mysql. |
| 19 |
|
| 20 |
With grsecurity/rsbac/rbac you can limit any aspect of clients |
| 21 |
(restrict client socket connections, /tmp usage, log audit events). |
| 22 |
Use chroot is you want to separate users strongly from each other. |
| 23 |
|
| 24 |
With the use of SUPhp your customers can run their scripts with their |
| 25 |
privilege level. (So no world-writable files required, and the |
| 26 |
privileges of PHP is in your hand, customize it per customer.) |
| 27 |
|
| 28 |
Some things to consider: |
| 29 |
-FTP is insecure, because it sends the password in plaintext. |
| 30 |
-SFTP is better, but it uses more CPU. Set rssh shell, and customize |
| 31 |
pam. I think you don't want to give them full shell access. |
| 32 |
-If the LDAP is down, your whole hosting system become unusable. The |
| 33 |
same thing is with the mysql, so it's not a big problem. |
| 34 |
|
| 35 |
|
| 36 |
yours, |
| 37 |
Adam |
| 38 |
|
| 39 |
On 4/15/07, Michael <mycroes@××××××.nl> wrote: |
| 40 |
> Hello all, |
| 41 |
> |
| 42 |
> I'm currently working on a hardened install for a web/mail-server. |
| 43 |
> Clients need to be able to upload their site content, either by ftp or |
| 44 |
> sftp... As I see it now, there are three options for user management: |
| 45 |
> 1. Add real users to the system |
| 46 |
> 2. Add virtual users to a mysql db, use one user for files and let |
| 47 |
> programs use the database |
| 48 |
> 3. Use pam-mysql or nss-mysql to have the users in a database |
| 49 |
> |
| 50 |
> Personally I'd prefer using a database because of the management, but |
| 51 |
> I'm not considering security at all in this preference. I bet some of |
| 52 |
> you ran into the same problem and took one of the approaches I mentioned |
| 53 |
> above. |
| 54 |
> |
| 55 |
> Because clients are using php too I don't know if it's advisable to use |
| 56 |
> one user on the system and virtual users for ftp/sftp access. Next to |
| 57 |
> that it would be nice to have decent quota support, so in that case I |
| 58 |
> guess point 2 won't work... |
| 59 |
> |
| 60 |
> Anyway, I hope someone who used one of these methods on a production |
| 61 |
> server can tell some more about what's the best way to solve this |
| 62 |
> problem and why it's the best way. |
| 63 |
> Greetings, |
| 64 |
> |
| 65 |
> Michael |
| 66 |
> |
| 67 |
> -- |
| 68 |
> gentoo-hardened@g.o mailing list |
| 69 |
> |
| 70 |
> |
| 71 |
-- |
| 72 |
gentoo-hardened@g.o mailing list |
Archives