TCLUG Archive
Re: [TCLUG:16756] Restricted shell
> The problem is that then the user is restricted to running only shell commands
> or files that are in their home directory. I suppose you might be able to do
> something tricky with symlinks and give them access to a hand-picked selection
> of tools in ~/bin... But even then, without any restrictions on what shell
> commands they can use, a user might accidentally be able to bring your server to
> a halt...
>
> I'd be interested in other people's thoughts on this kind of thing too -- I'm
> starting to let a few people access my home server through ssh, and I'd like to
> keep them fenced in, without completely straitjacketing them.
>
Well there's always the extremely evil option: Make everything but the usual
bin lib etc directories unreadable by other.... but that seems to be a bit
of a Pandora's Box if you ask me... who knows what kinds of strange daemon
users on your system need what perms.. :)
Gabe
--
--------------------------------------------------------------------------------
Gabe Turner President, ACM @ U of MN dopp@acm.cs.umn.edu
"My dream is that everyone, everywhere in the world
will know the wonders of my nipples!"
- Stimpson J. Cat in "Rubber Nipple Salesmen"
--------------------------------------------------------------------------------
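
The hand-picked `~/bin` idea from the quoted message, as an added example that is not part of the original thread: a shell function that links only approved tools into a restricted account's `bin` directory and pins `PATH` before the restricted shell takes over. The function name `build_restricted_bin` and the deny list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: populate ~/bin for a restricted-shell (rbash) account.
# build_restricted_bin and DENY are illustrative names, not from the thread.

# Programs that can start a shell or run arbitrary commands; linking any of
# them into ~/bin would undo the restriction, so they are always refused.
DENY="sh bash dash zsh ksh csh tcsh vi vim ed less more man awk find env perl python python3 ruby ssh scp tar"

# usage: build_restricted_bin HOME_DIR TOOL...
# Returns 0 if every requested tool was linked, 1 if any was refused or missing.
build_restricted_bin() {
    home=$1; shift
    rc=0
    mkdir -p "$home/bin" || return 1
    for tool in "$@"; do
        case $tool in
            */*) echo "refused: $tool (bare command names only)" >&2; rc=1; continue ;;
        esac
        case " $DENY " in
            *" $tool "*) echo "refused: $tool (can run other programs)" >&2; rc=1; continue ;;
        esac
        target=$(command -v "$tool" 2>/dev/null) || target=
        case $target in
            /*) ln -sf "$target" "$home/bin/$tool" ;;
            *)  echo "missing: $tool" >&2; rc=1 ;;   # builtin or not installed
        esac
    done
    # rbash applies its restrictions after startup files are read, so PATH is
    # set and frozen here, before the user ever gets a prompt.
    printf 'PATH=$HOME/bin\nexport PATH\nreadonly PATH\n' > "$home/.bash_profile"
    return $rc
}
```

For this to hold on a real account, the profile and the `bin` directory need to be owned by root and not writable by the restricted user, and the account's login shell needs to be the restricted shell.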