Altec Newbie
Joined: Jan 22 2006 Posts: 18 Offline
Posted: Thu Aug 24, 2006 1:02 pm Post subject: SSH security for ASSS
Got a few Q's for you as3 gurus
I plan to start hosting as3 for certain zones. I got as3 to work, but need help in other areas.
1) Does a zone owner need SSH or will FTP suffice?
If SSH is needed, how does one properly give said user proper SSH access? I understand how to give a user SSH, but don’t know if I am doing it right to make sure the system is secure.
2) Are there any scripts out there where said user can start/stop a zone with/without SSH?
Thanks guys.
_________________
Spyed>It wasn't me. Someone got my password and did it. OMGZ..
-------
SSB/SSCB Owner
Dr Brain Flip-flopping like a wind surfer

Age:39 Gender: Joined: Dec 01 2002 Posts: 3502 Location: Hyperspace Offline
Posted: Thu Aug 24, 2006 3:12 pm
0.) It's called asss.
1.) Yes, they need SSH. Take a look at grel's adminsh program.
2.) No.
_________________
Hyperspace Owner
Smong> so long as 99% deaths feel lame it will always be hyperspace to me
Altec Newbie
Joined: Jan 22 2006 Posts: 18 Offline
Posted: Thu Aug 24, 2006 4:07 pm
mmk...where can I find this grel's program?
Dr Brain Flip-flopping like a wind surfer

Age:39 Gender: Joined: Dec 01 2002 Posts: 3502 Location: Hyperspace Offline
Grelminar Creator of Asss
Joined: Feb 26 2003 Posts: 378 Offline
Posted: Fri Aug 25, 2006 3:22 am
In theory, you can do anything you need to with ?putfile and ?recycle, assuming you have processes in place to monitor the asss process and restart it when required. But in practice zones crash or deadlock, and you need an out-of-band way to kill and restart the zone. And administration with ?putfile is really painful, and if you want to have happy owners, you should give them SFTP/SCP access.
adminsh is an alternate login shell, plus a set of scripts that make it easy to set up zones in chroot environments. Chrooting increases security by making it impossible for one zone to affect others (assuming you set it up right, which isn't easy). Being an alternate login shell means that it gives owners the ability to do only very specific commands (start/stop their zone, send messages, view log files, and a few more), but _not_ full shell access. This is weak security, though, since if they can ?putfile, they can run arbitrary code on your server (this is where the chroot helps). adminsh also provides automatic restarting after crashes and ?recycle.
I would recommend setting up adminsh for basic tasks, and if you trust your owners and they are knowledgeable in basic unix usage, you can also give them full shell access, which comes in handy sometimes.
Fully securing a machine against users with shell access (or ?putfile/?insmod access) to a machine is difficult (or maybe impossible, depending on your requirements). The chroot that adminsh helps you set up is just a starting point.
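The allow-list idea behind an alternate login shell, as described in the post above, shown as an added example that is not part of the original thread and is not adminsh's code. `ZONE_CTL` and `ZONE_LOG` are hypothetical paths standing in for a real zone control script and log file.

```shell
#!/bin/sh
# Added example: an allow-list login shell in the spirit of what the post
# describes. This is NOT adminsh's code. ZONE_CTL and ZONE_LOG are
# hypothetical paths standing in for a real zone control script and log.
ZONE_CTL="${ZONE_CTL:-/usr/local/bin/zonectl}"
ZONE_LOG="${ZONE_LOG:-/var/log/zone.log}"

# Print the verb and return 0 only if the WHOLE request is one allowed word.
# case patterns match the entire string, so "stop; sh" or "log /etc/passwd"
# never match, and no text from the request is ever handed to a shell.
allowed_verb() {
    case "$1" in
        start|stop|status|log) printf '%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# sshd runs a remote command as: <login shell> -c "<command string>".
# Print that string; fail for any other invocation (e.g. interactive login).
requested_command() {
    [ "$#" -eq 2 ] && [ "$1" = "-c" ] || return 1
    printf '%s\n' "$2"
}

main() {
    req=$(requested_command "$@") || { echo "interactive login disabled" >&2; exit 1; }
    verb=$(allowed_verb "$req") || {
        # Record refused requests for later review.
        command -v logger >/dev/null 2>&1 &&
            logger -t zone-shell "denied for ${USER:-unknown}: $req"
        echo "not permitted" >&2
        exit 1
    }
    case "$verb" in
        log) exec tail -n 50 "$ZONE_LOG" ;;
        *)   exec "$ZONE_CTL" "$verb" ;;   # fixed argv, no user-supplied text
    esac
}

# Only act when given arguments, so loading the file for tests is harmless.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

This restricts only what the SSH login can do; as the post notes, an owner who can ?putfile can still run code on the server, which is the gap the chroot is meant to contain.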
Animate Dreams Gotta buy them all! (Consumer whore)

Age:37 Gender: Joined: May 01 2004 Posts: 821 Location: Middle Tennessee Offline
Posted: Fri Aug 25, 2006 10:40 am
I don't suppose someone would like to make a wiki detailing these things? I'm not officially hosting zones (yet), but since AS3 hosting at the moment is sparse and being very well, um... protected, I've offered to host a couple people's dev zones on my own Linux computer. And in the future, I may get space on a real server, so I'd REALLY have to worry about security then. Although, I'd be willing to bet this is more of a Unix thing than it is an AS3 thing, so I'm going to go see if I can find anything helpful, and if the rest of you have any good websites for this, just post them here.
Cyan~Fire I'll count you!

Age:37 Gender: Joined: Jul 14 2003 Posts: 4608 Location: A Dream Offline
Posted: Fri Aug 25, 2006 4:57 pm
There already is a wiki, go ahead and put the info there. (The link is near the top of this page.)
_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.
Animate Dreams Gotta buy them all! (Consumer whore)

Age:37 Gender: Joined: May 01 2004 Posts: 821 Location: Middle Tennessee Offline
Posted: Sat Aug 26, 2006 1:11 am
I meant a specific wiki page on asss security.
Altec Newbie
Joined: Jan 22 2006 Posts: 18 Offline
Posted: Sat Aug 26, 2006 8:59 am
Ok, I found a way to give someone SSH access. However, the problem I'm running into now is what that person has access to.
Is there a way to lock them into their folder so they can only view their content and not the whole system?
Thanks.
Dr Brain Flip-flopping like a wind surfer

Age:39 Gender: Joined: Dec 01 2002 Posts: 3502 Location: Hyperspace Offline
Posted: Sat Aug 26, 2006 9:12 am
Yes, it's called chroot and is part of what grel was talking about.