-1

During the installation phase there is an extra user account created other than root.

Since I use SU to stop brute-force attacks through SSH, I have chosen this user to do SSH. But apparently that account can traverse the file structure. Questions:

  • Does using that user for SSH create a security hole?
  • Can/should I restrict this user's permissions and in what way?
  • Should I create another user?
Dennis Williamson
Cudos

1 Answer

4

The user created during the installation process of Debian has no special privileges. What do you mean by "traverse the file structure"? Navigation in the file system is normal for any user on a UNIX system (i.e., read access to /var, /etc and so on). This does not pose a security issue as long as you are careful not to let users have read access to sensitive configuration files (i.e., containing passwords).

Creating another user won't change the issue in any way.

If you wish to restrict access to the file system to users logging in through SSH, you should take a look at the ChrootDirectory configuration option of OpenSSHd.

François Feugeas
  • Okay. Yes, I was worried that the user could see /etc /var etc. Normally that sets a warning flag for me when somebody can see the file structure after they gain access. Chroot sounds promising though. – Cudos Nov 04 '09 at 10:28
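
The ChrootDirectory option mentioned in the answer only works if the target meets the rule in sshd_config(5): every component of the path must be a root-owned directory that is not writable by group or others. The following is an added example, not part of the original answer, that checks a candidate directory against that rule before it goes into sshd_config; the path /srv/chroot/sshuser and the function names are hypothetical.

```python
import os
import stat
import sys
from pathlib import Path


def component_problems(path, st):
    """Return the reasons one path component breaks the chroot rule."""
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append(f"{path}: not a directory")
    if st.st_uid != 0:
        problems.append(f"{path}: owned by uid {st.st_uid}, not root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path}: writable by group or others")
    return problems


def audit_chroot(target, stat_fn=os.stat):
    """Check every component from / down to target; return a list of problems."""
    target = Path(target)
    if not target.is_absolute():
        raise ValueError("ChrootDirectory must be an absolute path")
    problems = []
    # parents is ordered nearest-first, so reverse it to walk from / downwards
    for component in [*reversed(target.parents), target]:
        try:
            st = stat_fn(component)  # follows symlinks, like stat(2)
        except OSError as exc:
            problems.append(f"{component}: {exc.strerror or exc}")
            break  # nothing below a missing component can be checked
        problems.extend(component_problems(component, st))
    return problems


if __name__ == "__main__":
    # /srv/chroot/sshuser is a hypothetical default, not a path from the page
    for candidate in sys.argv[1:] or ["/srv/chroot/sshuser"]:
        issues = audit_chroot(candidate)
        print(candidate, "OK" if not issues else "REJECTED")
        for issue in issues:
            print("  -", issue)
```

An empty result means the ownership and mode rule is satisfied; an interactive login inside the chroot additionally needs a shell and its supporting files present under that directory.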