The Joyent Community

A place where the Joyent community can gather, help each other out, and stay informed.

#1 2004-06-04 19:13:50

jason
a chief (i started this place)
From: San Francisco
Registered: 2004-06-01
Posts: 8821

Shell Access Policy

The default shell for everyone is scponly, an SSH wrapper that only allows SCP and SFTP access (rsync works over it) in your home directory. I'm very happy that we safely offer this to people.

I'm taking full shell access requests on a case-by-case basis. The first sign to me that someone actually needs it is that they take the time to email me about it.

I'll need to know what shell you want (they are all there)? And what binaries you are going to be using on my end (basically a "why")?

I don't want to sound stern here or that I'm talking down to you (because it'll sound like that if you really need shell access, and I'm sorry, entirely unintentional).

But I have to remind you that there is full system accounting, and logging of all binary executions and logins plus daily file integrity checks. It's understandable if you didn't realize "top" is restricted but attempting to run binaries like portscan, sockstat, killall, kill, mv (in somewhere other than your home directories) will, at best, get you a refund.

#2 2004-06-04 21:37:30

joshua
Member
From: New York, NY
Registered: 2004-06-03
Posts: 202

Re: Shell Access Policy

What about using a cron job to back up the database via mysqldump?

#3 2004-06-04 23:33:25

cnladd
Member
From: Ohio
Registered: 2004-06-01
Posts: 1152

Re: Shell Access Policy

I just hope we don't get booted for accidentally adding an extra "../" or two onto a path that we mv or cp to/from. I've mistakenly done that myself a few times while trying to recall how deep in the tree I was. ;-)

Last edited by cnladd (2004-06-05 23:09:23)


VC178
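
An added illustration, not part of the thread and not the host's actual tooling: one way the execution logging from the first post could be reviewed so that the "extra ../" case above is judged by where the path really lands. The record format `user|cwd|command line`, the `/home/<user>` layout and the user names are assumptions; the restricted list is the one named in the first post.

```python
import posixpath
import shlex

# Binaries the first post names as off-limits. "mv" is only a problem
# when one of its paths lands outside the user's home directory.
RESTRICTED = {"top", "portscan", "sockstat", "killall", "kill"}

def outside_home(user, cwd, path, home_root="/home"):
    """True if path, resolved against cwd, escapes /home/<user> (assumed layout).

    Normalisation is textual only: symlinks are not followed.
    """
    home = posixpath.join(home_root, user)
    resolved = posixpath.normpath(posixpath.join(cwd, path))
    return resolved != home and not resolved.startswith(home + "/")

def review(record):
    """Check one 'user|cwd|command line' record; return a list of findings."""
    user, cwd, cmdline = record.split("|", 2)
    argv = shlex.split(cmdline)
    if not argv:
        return []
    binary = posixpath.basename(argv[0])
    if binary in RESTRICTED:
        return [f"{user}: restricted binary {binary}"]
    if binary == "mv":
        paths = [a for a in argv[1:] if not a.startswith("-")]
        return [f"{user}: mv touches {posixpath.normpath(posixpath.join(cwd, p))}"
                for p in paths if outside_home(user, cwd, p)]
    return []

# Constructed sample records, not real logs.
SAMPLE = [
    "alice|/home/alice/public_html/site|mv ../../notes.txt ./notes.txt",
    "alice|/home/alice/public_html|mv index.html ../../../tmp/index.html",
    "bob|/home/bob|/usr/bin/sockstat -4",
    "carol|/home/carol|mysqldump mydb",
]

def findings(records=SAMPLE):
    return [f for r in records for f in review(r)]

if __name__ == "__main__":
    for line in findings():
        print(line)
```

The first sample record climbs two levels but stays inside the home directory, so it produces no finding; the second has one "../" too many and is reported.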

#4 2004-06-05 03:11:19

jason
a chief (i started this place)
From: San Francisco
Registered: 2004-06-01
Posts: 8821

Re: Shell Access Policy

joshua wrote:

What about using a cron job to back up the database via mysqldump?

You can do that now. I'll be doing it for everyone.

#5 2004-06-05 04:28:00

joshua
Member
From: New York, NY
Registered: 2004-06-03
Posts: 202

Re: Shell Access Policy

Great! Combined with rsync/scp, what a perfect solution!

#6 2004-06-05 07:49:17

wazdog
Just a guy. Oh, and VC131.
From: Los Angeles
Registered: 2004-06-01
Posts: 325

Re: Shell Access Policy

jason wrote:

joshua wrote:

What about using a cron job to back up the database via mysqldump?

You can do that now. I'll be doing it for everyone.

What about using cron for other things? Like m2f uses cron to update phpBB with a mailing list. I know there are pseudocron utilities out there, but they can be flaky, and nothing beats good ole cron...


VC131. Not that I'm bragging.


(OK, yes I am.)

#7 2004-06-05 19:20:06

cnladd
Member
From: Ohio
Registered: 2004-06-01
Posts: 1152

Re: Shell Access Policy

If I remember right, there's full access to your crontab via Webmin.


VC178

#8 2004-06-05 19:51:26

Jez Nixon
Member
From: United Kingdom
Registered: 2004-06-01
Posts: 202

Re: Shell Access Policy

You've essentially got shell access from within Webmin: click System > Running Processes > Run.

For example:

Code:

    whereis sockstat

    Output from whereis sockstat ..
    sockstat: /usr/bin/sockstat /usr/share/man/man1/sockstat.1.gz

Last edited by nixon (2004-06-05 19:52:18)


And I thank you for the items that you sent me: the monkey and the plywood violin

#9 2004-06-05 20:00:16

jason
a chief (i started this place)
From: San Francisco
Registered: 2004-06-01
Posts: 8821

Re: Shell Access Policy

You can run many commands from directly within webmin.

#10 2004-06-05 20:00:47

jason
a chief (i started this place)
From: San Francisco
Registered: 2004-06-01
Posts: 8821

Re: Shell Access Policy

Webmin honestly pretty much provides shell access via a web interface

#11 2004-06-05 20:03:09

Jez Nixon
Member
From: United Kingdom
Registered: 2004-06-01
Posts: 202

Re: Shell Access Policy

Would you terminate my account if I ran "top" through webmin? :P

Last edited by nixon (2004-06-05 20:03:20)


And I thank you for the items that you sent me: the monkey and the plywood violin

#12 2004-06-05 22:17:06

pwg
Member
From: Melbourne, Australia.
Registered: 2004-06-02
Posts: 133

Re: Shell Access Policy

jason wrote:

Webmin honestly pretty much provides shell access via a web interface

Um...not sure I agree with this, Jason :-)

I can't use the Webmin interface to run a simple (un)tar because, apparently, Webmin doesn't have permissions to create files and directories in my public_html folder.

I guess I could CHMOD the folder to 0777, but that means hacking the permissions every time I run a local command that creates a file etc.


peter gallagher -- VC132 --- www.petergallagher.com.au

#13 2004-06-05 23:17:12

cnladd
Member
From: Ohio
Registered: 2004-06-01
Posts: 1152

Re: Shell Access Policy

Is there any status on shell access for those of us that have requested it?

I tried doing a bit of work on my local box and uploading it via SFTP, but that's just a sick way to work... Now that I finally have access to my account, I was hoping to be able to really get down and do some work on getting my sites up and running this weekend.


VC178

#14 2004-06-08 19:26:21

kevin
Member
From: Toledo, Ohio, USA
Registered: 2004-06-01
Posts: 53

Re: Shell Access Policy

I e-mailed you through the web form, Jason, in regards to this, but have not heard back. Does the web form work? :) -k

#15 2004-06-08 21:26:30

jason
a chief (i started this place)
From: San Francisco
Registered: 2004-06-01
Posts: 8821

Re: Shell Access Policy

coming in the next day to those who emailed me (including kevin)

#16 2004-06-09 17:07:27

kevin
Member
From: Toledo, Ohio, USA
Registered: 2004-06-01
Posts: 53

Re: Shell Access Policy

Thanks Jason, you have no idea how much better this'll make my hosting experience.

Kevin

#17 2004-06-09 18:30:35

ideoplex
New member
From: Connecticut
Registered: 2004-06-02
Posts: 10

Re: Shell Access Policy

I'm still getting a handle on rsync. Is scponly the default for rsync, or is it necessary to specify it on the command line (and if so, then what's the path)?

#18 2004-06-11 22:19:32

theflow
New member
Registered: 2004-06-11
Posts: 4

Re: Shell Access Policy

jason wrote:

I'll need to know what shell you want (they are all there)? And what binaries you are going to be using on my end (basically a "why")?

So, is the shell access jailed/chrooted and you only copy the needed binaries, or is this full access and you just want to know what I will do with it (like using wget to fetch scripts and using vim to edit the config-files)?

thanks
theflow

Last edited by theflow (2004-06-11 22:19:59)

#19 2004-06-11 22:33:35

jason
a chief (i started this place)
From: San Francisco
Registered: 2004-06-01
Posts: 8821

Re: Shell Access Policy

theflow wrote:

So, is the shell access jailed/chrooted and you only copy the needed binaries, or is this full access and you just want to know what I will do with it (like using wget to fetch scripts and using vim to edit the config-files)?

thanks
theflow

No, it's not jailed. I do want to know what you are planning on doing and to let you know that I'm always watching.

#20 2004-06-12 04:03:15

cczona
Member
From: California, US
Registered: 2004-06-02
Posts: 88

Re: Shell Access Policy

Jason, does chroot affect server performance or security? I'm curious why you'd rather not go that route.

#21 2004-06-12 08:43:09

jason
a chief (i started this place)
From: San Francisco
Registered: 2004-06-01
Posts: 8821

Re: Shell Access Policy

It's just not practical to chroot each person because then everyone would have to have their libraries, tmp etc. Mail would get through ....

Jailing is even better but that would require each person to have their own IP and their own FreeBSD install, their own web server, their own mail server .... Jailing is how people accomplish these "Virtual Dedicated Servers" you see on the market.
