create a restricted user

Matthew Miller mattdm at mattdm.org
Sun Feb 6 05:17:23 UTC 2005


On Sun, Feb 06, 2005 at 01:28:50AM +0100, Zacharie Elcor wrote:
> I added a user named "visitor" and created in his home dir a file
> .xsession that contains:
> firefox
> so that when he logs in, firefox is launched, and when he closes
> firefox, he is logged out.

I'd suggest something like

metacity &
firefox

so that you can actually get managed windows. You'll want to use the gnome
keyboard configurator though, to make sure there aren't surprise keystrokes
that launch apps or anything. (Metacity might not be the best choice, but
it's easily available.)

> This works fine but he is still able to ctrl+alt+F(1-6) and log in to
> browse the file system.
> To prevent that, I tried to set /bin/false as the default shell for
> that user in /etc/passwd but this also prevented him from logging in
> graphically.

Instead, add this section (anywhere) in /etc/X11/xorg.conf:

Section "ServerFlags"
       Option "DontVTSwitch" "On"
EndSection



> Is there a way to be sure that "visitor" will only be able to browse
> the web and not the file system? Any security issues?

It's difficult but possible. You'll probably also want to edit the firefox
chrome to strip down what it can access.

-- 
Matthew Miller            mattdm at mattdm.org        <http://www.mattdm.org/>
-->  Fedora Users & Developers Conference, hosted by Boston University  <--
February 18th, 2005                 <http://fedoraproject.org/wiki/FUDCon1>  
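
One way to check that the ServerFlags setting suggested above is present and enabled in a given config file. This is an added example, not part of the original post; the names check_dontvtswitch and demo and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_dontvtswitch FILE: exit 0 if a ServerFlags section in FILE enables
# DontVTSwitch, exit 1 otherwise. The last matching Option line decides
# (a simplification made by this script).
check_dontvtswitch() {
    awk '
    # xorg.conf names ignore case, white space and underscores
    function norm(s) { s = tolower(s); gsub(/[ \t_]/, "", s); return s }
    {
        sub(/#.*/, "")              # drop comments, so a commented-out line does not count
        n = split($0, q, "\"")      # quoted strings land in q[2], q[4]
        kw = norm($1)
    }
    kw == "section"    { in_flags = (norm(q[2]) == "serverflags"); next }
    kw == "endsection" { in_flags = 0; next }
    in_flags && kw == "option" && norm(q[2]) == "dontvtswitch" {
        v = (n >= 4) ? norm(q[4]) : ""
        # a boolean option given without a value is true
        enabled = (v == "" || v == "on" || v == "true" || v == "yes" || v == "1")
    }
    END { exit(enabled ? 0 : 1) }
    ' "$1"
}

# Constructed sample input: the section from the post, and a copy with the
# Option line commented out.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'Section "ServerFlags"' \
        '       Option "DontVTSwitch" "On"' 'EndSection' > "$tmp/good.conf"
    printf '%s\n' 'Section "ServerFlags"' \
        '#      Option "DontVTSwitch" "On"' 'EndSection' > "$tmp/bad.conf"
    check_dontvtswitch "$tmp/good.conf" && echo "good.conf: VT switching disabled"
    check_dontvtswitch "$tmp/bad.conf"  || echo "bad.conf: VT switching still possible"
    rm -rf "$tmp"
}
demo
```

The check only reads the file it is given; it does not confirm which config file the running X server loaded.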



