create a restricted user
Zacharie Elcor
zelcor at gmail.com
Sun Feb 6 13:37:51 UTC 2005
On Sat, 05 Feb 2005 22:44:54 -0500, Scot L. Harris <webid at cfl.rr.com> wrote:
> On Sat, 2005-02-05 at 22:10, Gain Paolo Mureddu wrote:
> > Scot L. Harris wrote:
> >
> > >You found the big problem with giving someone access to a program, most
> > >times they can find a way to escape that program and get a shell prompt.
> > >
> > >
> > Shouldn't /bin/null help here to avoid giving them a shell?
>
> That should keep them from logging in at all. Which is very secure. :)
>
> The problem is that in order to run the browser I think you have to have
> a shell running. I suspect if you put the browser in place of the shell
> in the passwd file it would not work. (might be worth a quick test
> though)
>
> I really think the best option is to try and setup chrooted access. If
> they manage to get a shell prompt they are restricted in what they can
> access.
If I chroot the restricted user, what are the minimum commands that
should be available in order for him to be able to run firefox ? is a
shell required ?
>
> --
> Scot L. Harris
> webid at cfl.rr.com
>
> Forty two.
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list