Re: [TCLUG:16756] Restricted shell

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:16756] Restricted shell
From: Gabe Turner (officer) <dopp@acm.cs.umn.edu>
Date: Wed, 26 Apr 2000 13:33:27 -0500 (CDT)
In-Reply-To: <000201bfafab$2ac623c0$650aa8c0@cccu.com> from "Eric Hillman" at Apr 26, 2000 01:13:48 PM

> The problem is that then the user is restricted to running only shell commands
> or files that are in their home directory.  I suppose you might be able to do
> something tricky with symlinks and give them access to a hand-picked selection
> of tools in ~/bin...  But even then, without any restrictions on what shell
> commands they can use, a user might accidentally be able to bring your server to
> a halt...
> 
> I'd be interested in other people's thoughts on this kind of thing too -- I'm
> starting to let a few people access my home server thru ssh, and I'd like to
> keep them fenced in, without completely straitjacketing them.
> 
Well there's always the extremely evil option:  Make everything but the usual
bin lib etc directories unreadable by other....  but that seems to be a bit
of a Pandora's Box if you ask me...  who knows what kinds of strange daemon
users on your system need what perms.. :)

Gabe

-- 
--------------------------------------------------------------------------------
Gabe Turner		President, ACM @ U of MN	     dopp@acm.cs.umn.edu

"My dream is that everyone, everywhere in the world
 will know the wonders of my nipples!"
				- Stimpson J. Cat in "Rubber Nipple Salesmen"
--------------------------------------------------------------------------------

References:
- RE: [TCLUG:16756] Restricted shell
  - From: "Eric Hillman" <ehillman@cccu.com>

Prev by Date: RE: [TCLUG:16756] Restricted shell
Next by Date: Re: [TCLUG:16719] The NVidia license
Prev by thread: RE: [TCLUG:16756] Restricted shell
Next by thread: Upgrading and PartitionMagic
Index(es):
- Date
- Thread