I have a user who will need access to our mysql. We thought to do that for him over SSH. So we'll create user on our CentOS and he will use SSH tunnel to access our mysql.
But we need this user to have no access to filesystem and just have access to mysql. Is that possible ?
How can we chroot this user in its home directory and prevent him to access nothing just mysql ?
OS is CentOS 5 64bit. Thanx.
I personally would just setup phpmyadmin for him so he can access his own database via the web. Unless you want him to access via ssh there are some chmod's you can do to some directories to prohibit access.
I always chmod about 60 directories on my server(s) since 100% of my clients have ssh access. (711) is a safe chmod.
Thanx, unfortunately this SSH is required because user will access DB from desktop application. phpmyadmin isn't an option. I would prefer to lock user in its own home directory over chmod tens of directories cause it can make some troubles with access for other applications currently installed on the server.
He will be able to authenticate himself to the server, but won't be allowed to start a shell. I don't remember what to do next, but I know that there is an option in Putty/ssh to forward the port without creating the shell ...
So he won't be able to have a shell, but he will be able to use the port forwarding to forward any ports... so use at your own risk.^
Thanx. I tried it and works. The login name and password will be compiled into exe file (encrypted) so he'll be unable to read them. Also we will use tcp wrappers (for ssh ip protection) to protect this login/password from other "potential" users