  1. #1
    Join Date
    Jan 2005

    Chrooted user just for mysql access over SSH


    I have a user who will need access to our mysql. We thought to do that for him over SSH. So we'll create a user on our CentOS and he will use an SSH tunnel to access our mysql.
    But we need this user to have no access to the filesystem and just have access to mysql. Is that possible?
    How can we chroot this user in his home directory and prevent him from accessing anything but mysql?
    OS is CentOS 5 64bit. Thanks.

  2. #2
    Join Date
    Dec 2003
    Boston, MA
    I personally would just set up phpmyadmin for him so he can access his own database via the web. Unless you want him to access via ssh there are some chmods you can do to some directories to prohibit access.

    I always chmod about 60 directories on my server(s) since 100% of my clients have ssh access. (711) is a safe chmod.
    Axcelx Technologies - James

  3. #3
    Join Date
    Jan 2005
    Thanks, unfortunately SSH is required because the user will access the DB from a desktop application. phpmyadmin isn't an option. I would prefer to lock the user in his own home directory over chmodding tens of directories, because that can cause access trouble for other applications currently installed on the server.

  4. #4
    Join Date
    Mar 2004
    Change his shell to /sbin/nologin

    He will be able to authenticate himself to the server, but won't be allowed to start a shell. I don't remember what to do next, but I know that there is an option in Putty/ssh to forward the port without creating the shell ...

    So he won't be able to have a shell, but he will be able to use the port forwarding to forward any ports... so use at your own risk.

    Use the -N option when trying to connect
    Last edited by oldunis; 09-29-2009 at 02:27 PM.
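
Added example, not part of the thread: post #4 notes that a nologin account can still forward to any port, so this sketch shows a server-side `Match` block that pins the account to the local MySQL port, next to the unrestricted setup, plus a check that tells the two apart. The account name `dbtunnel`, the host `server.example.com` and both sample configs are constructed; it assumes an OpenSSH release whose sshd_config supports `Match`, `PermitOpen` and `AllowTcpForwarding local`.

```shell
#!/bin/sh
# Added example. "dbtunnel" and both sshd_config samples are constructed.
# Client side, as suggested in the thread (no shell, forward only):
#   ssh -N -L 3306:127.0.0.1:3306 dbtunnel@server.example.com

# Hardened: the Match block allows one forward target for this account.
HARDENED='PasswordAuthentication yes
Match User dbtunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:3306   # only the local MySQL listener
    X11Forwarding no
'
# Weak: nologin shell only, forwarding left open to any host:port.
WEAK='PasswordAuthentication yes
AllowTcpForwarding yes
'

# tunnel_only USER TARGET   (sshd_config text on stdin)
# Exit 0 only if a "Match User USER" block carries PermitOpen with exactly
# TARGET. Simplification: matches a single user name, not patterns or lists.
tunnel_only() {
    awk -v user="$1" -v target="$2" '
        { sub(/#.*/, ""); key = tolower($1) }
        key == "match" {
            in_block = (tolower($2) == "user" && $3 == user); next
        }
        in_block && key == "permitopen" {
            seen = 1
            if (NF != 2 || $2 != target) bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    '
}

# Demo over the two constructed samples.
for name in HARDENED WEAK; do
    eval "cfg=\$$name"
    if printf '%s' "$cfg" | tunnel_only dbtunnel 127.0.0.1:3306; then
        echo "$name: forwarding pinned to 127.0.0.1:3306"
    else
        echo "$name: forwarding NOT restricted for dbtunnel"
    fi
done
```

On a live server the same function can be fed the real file, e.g. `tunnel_only dbtunnel 127.0.0.1:3306 < /etc/ssh/sshd_config`.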

  5. #5
    Join Date
    Jan 2005
    Thanks. I tried it and it works. The login name and password will be compiled into the exe file (encrypted) so he'll be unable to read them. Also we will use tcp wrappers (for ssh ip protection) to protect this login/password from other "potential" users.
