Thursday, February 26, 2015

SSH user minimum permissions

I am working on an application which sshes into servers and gathers information about the server such as disk and memory usage. Another task it needs to do is get file size information of certain files which may be anywhere on the server.



Because of the nature of this application, I would want to restrict the ssh user on the server to only be able to read files in /proc/* and get file sizes of certain files. I cannot give an example because the files may change on a server by server basis.



Is there any way that an ssh account could be locked down to prevent reading /proc/* and doing a du on a file that could be anywhere?
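One way to meet the requirement described in the question, shown as an added example that is not part of the original post: bind the account's key to a forced command in `authorized_keys`, so the client can only ask a small wrapper for a `/proc` file or a file size. The script path, the request grammar (`proc …` / `size …`) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a monitoring-only SSH key.
# Assumed (hypothetical) install path /usr/local/bin/ssh-collect, bound to the
# key in ~/.ssh/authorized_keys so the client cannot choose what runs:
#   command="/usr/local/bin/ssh-collect",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <public-key> collector
# Request grammar (assumed): "proc <path below /proc>" or "size <absolute path>".
# The request is parsed as data and never passed to eval or a shell.

deny() { echo "denied: $1" >&2; return 2; }

collect_dispatch() {
    req=$1
    case "$req" in
        "proc "*|"size "*) ;;
        *) deny "unknown request"; return ;;
    esac
    verb=${req%% *}
    arg=${req#* }
    if [ "$verb" = proc ]; then
        # Check the symlink-resolved path: /proc/self/root/etc/passwd contains
        # no ".." yet resolves outside /proc.
        real=$(readlink -f "/proc/$arg") || { deny "no such entry"; return; }
        case "$real" in
            /proc/*) ;;
            *) deny "outside /proc"; return ;;
        esac
        [ -f "/proc/$arg" ] || { deny "not a regular file"; return; }
        # Read by the original name so per-process links (/proc/mounts) work.
        cat "/proc/$arg"
    else
        case "$arg" in
            /*) ;;
            *) deny "absolute path required"; return ;;
        esac
        [ -f "$arg" ] || { deny "not a regular file"; return; }
        stat -L -c %s "$arg"    # size in bytes; file content is never read
    fi
}

# sshd puts the command line the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    collect_dispatch "$SSH_ORIGINAL_COMMAND"
fi
```

The account still runs with its own Unix permissions, so the wrapper narrows what can be requested; it does not grant access the user lacks.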
