gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implement

From: Scott Parish
Subject: Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes
Date: Fri, 30 Jan 2004 21:42:11 +0000
User-agent: Mutt/1.2.5.1i 
On Fri, Jan 30, 2004 at 03:37:50PM -0500, Colin Walters wrote:

> Well, you would still have to allocate uids for the users, etc...it's
> either that or the subsystem runs in the sshd uid, which would be
> unacceptable.
> 
> Maybe another alternative would be some sort of PAM module which would
> map particular logins to a specified daemon uid, or something.  

I did some initial looking around this morning and found that you can
specify in a user's authorized_keys file a specific program to be
executed as their "shell", and won't allow overriding that; the same can
prevent pty usage, port/x11 forwarding, etc.

Thinking out loud...

What would be really nice is if an ssh user could allow for subusers,
kind of like the whole dot-qmail thing. As an example, i could define
srp-anonymous and srp-srp. Those two subusers would be authenticated
based off some mechanism which i (srp) defined somewhere in my ~/.ssh/
directory (auth against flat file or database or pub keys file ...).
Those users i could also lock down, so that they can only run certain
subsystems and the like.

When a user successfully authenticates as a subuser, sshd will setuid to
the owning user ("srp"), and then set an environment variable VUSER to
the subuser ("anonymous" or "srp") before execing the subsystem or shell
or whatever.


Would this be useful, or would i be wasting my time looking into doing
such? Also, is this a solid design, or have i overlooked something?

sRp

-- 
Scott Parish
http://srparish.net/

Attachment: pgp9WirqB1Amy.pgp
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]