
I'm planning to offer a backup service with limited ssh access.

The best solution I've thought of so far would be to use chroot and allow access only to certain commands like cd, mkdir, mv, rm, rsync, sftp etc., and mount the home directories as noexec.

I'm planning to do this on a centos 7 system.

Is there any way that a malicious customer could break out of the chroot system and invade other users' data or create other issues? Any other security considerations?

VelDev
  • Have you considered an SFTP-only chroot jail? Assuming it's mainly just a backup service. – Parthian Shot Nov 16 '16 at 01:22
  • Yes, but I wanted to offer git and rsync as well. – VelDev Nov 16 '16 at 15:32
  • Well, `git` is its own subsystem. And your users can use `sshfs` with `sftp` and then rsync from the mounted directory into other directories. That said, I don't know whether `rsync` is actually efficient in that scenario, or whether it just ends up being about the same level as `scp`. – Parthian Shot Nov 16 '16 at 23:04

1 Answer


I would suggest you take a look at unprivileged containers: https://linuxcontainers.org/lxc/getting-started/

Containers provide better isolation compared to a chroot jail. They still have low overhead. LXC uses minimal resources in terms of RAM and HDD space without the overhead of installing a guest OS in a virtual machine.

eKKiM
  • Thank you for the suggestion, I've been thinking that the lxc containers would provide much more functionality and risks compared to the limited shell option. – VelDev Nov 16 '16 at 15:33