On 4/13/2010 2:11 AM, gm5729 wrote:
> I totally hear what you're saying on wanting them to be able to change
> their passwords. A script would have to be written to do so on a web
> page depending on if you can script or someone else will in the dept
> or outsource it.
>   
I'm the only one who could write such a script (see below), but I don't
know any languages that would be helpful (the only languages I know
beyond a few very simple commands are Bash and batch files). I'm sure
PHP would be helpful.
> You are giving them openssl/shell access (which
> is closely related to ssh/d) by logging in on one end of a secure
> site, but wanting to deny them on the other. If you can't trust your
> users in what sounds like a business atmosphere IMHO they shouldn't
> ever be allowed access to the box.
This is a private server (remote access only since we're renting the
box) used for file transfer among friends. I trust the others not to
intentionally try to compromise or damage the system, but they're
clueless when it comes to Linux and the command line. They don't need it
and if an attacker compromised one of their accounts, he would have a
hard time doing any real damage beyond deleting all the files the user
is allowed to access (and the users are even chrooted to the common file
share directory). I'm administering it because I'm the only one who has a
clue how to run Linux. I've never run a server before, so I still have
much to learn.
> With the above files you can parse
> down to who can use a cdrom drive, and who can't, lock down all
> usb/storage.
Who can access which directories is done by Apache and the FTP daemon.
Who can access which services is done by the firewall.