Securing-a-server.md

 TODO
+
+Copy from issue 9
+THIS MODEL IS NOT SECURE TO THE WAY USERS CAN USE ESCALATION SCRIPTS
+
+For my understanding, I identified 4 types of (legitimate) users (besides root and guest)  
+Note that the two last ones are *player* usecases and not GuildHack mission requirements  
+All users should be able to access '/' in order to navigate easily (to check with an expert?)  
+Let's be nice and give "clear" so that everybody can reset their screens in ssh :P
+
+* "ssh" (Hosting Services mission) : users able to bounce through ssh  
+  Permissions : "ssh" command. only that.
+* "ftp" (Hosting Services mission) : users able to access the /Public/Downloads/ folder  
+  Permissions : no commands (FtpShell). /Public/ as read, /Public/Downloads/ as read-write.
+* "home" : users connected through ssh or ftp to download or edit files (BTCshop)  
+  Permissions : /home/ ONLY. Users of this group should be assigned *another group* per usecase.
+* "home+btc" : to allow external download with the player-made BTC client  
+  *Exact permissions to be determined, I'm assuming the /home/USER folder*
+* "home+members" : users with a private space (guild members)  
+  Permissions : /home/ as read, user folder as read-write, a lot of file commands  
+  If a remote user is allowed to use the server as a proxy, addgroup "ssh"  
+  If he should be able to access the ftp folder directly, addgroup "ftp"
+
+For completeness, here's the two sepcial users who doesn't fit into the design :
+
+* "root" : As no group as sudo, the ssh access need to be done from the previous server  
+  Data from other services (chat, web, ...) fall under ownership of root as no legitimate user need to access those files directly
+* "guest" : Can't be deleted. No permissions (besides reading /, clearing his own terminal)  
+  It's possible that GreyOS doesn't allow to refuse access to the /home/guest/ folder as well
+
+Part 1: Basic permissions
+
+* By default, removing all perms for everyone on everything (duh!)
+* Give read access to everyone in /
+* Give execution rights to everyone for "/bin/clear"
+* Create the groups and add them to users accordingly
+* Set group for /Public/ as "ftp" and give it group-level read
+* Set group for /Public/Downloads/ as "ftp" and give it (recursive) group-level read-write
+
+Part 2: Deleting unnecessary tools
+
+* Delete the home folder of guest + "ssh"/"ftp"-only users
+* It would be a good idea to delete/reset the /Config/ folder for all users, just in case (and the log file too)
+* Nslookup, whois, Mail.exe aren't useful on a server, maaaybe on a dedicated proxy... delete it
+* At the time of writing, there's no obvious benefit with not deleting CodeEditor.exe and build
+* Are members allowed the use this server as a *last-point* proxy to reach a ftp? If not, delete the ftp command
+* If "destructive security" is desired, delete /etc/passwd and the services in /server/ (to prevent a shutdown)
+
+Part 3: Advanced permissions
+
+* Set group for /home/ as "files" and give it group-level read (remote users + download users)
+* Give (recursive) *!user-level!* read-write for child folders of /home/
+* Set group for "/bin/ssh" as "ssh" and give it group-level execution rights
+* Set group "remote" and give group-level execution rights for :  
+  cd, ls, pwd, cat (File access)  
+  rm, mv, cp, mkdir, rmdir, touch (File editing)  
+  Notepad.exe, FileExplorer.exe, Terminal.exe
+* *Note: Browser.exe is not safe as it allows to unroute all ports from the inside of the system, blocking services forever!*
\ No newline at end of file