TCLUG Archive

Re: [TCLUG:16756] Restricted shell

> The problem is that then the user is restricted to running only shell commands
> or files that are in their home directory.  I suppose you might be able to do
> something tricky with symlinks and give them access to a hand-picked selection
> of tools in ~/bin...  But even then, without any restrictions on what shell
> commands they can use, a user might accidentally be able to bring your server to
> a halt...
> I'd be interested in other people's thoughts on this kind of thing too -- I'm
> starting to let a few people access my home server thru ssh, and I'd like to
> keep them fenced in, without completely straitjacketing them.

Well there's always the extremely evil option:  Make everything but the usual
bin lib etc directories unreadable by other....  but that seems to be a bit
of a Pandora's Box if you ask me...  who knows what kinds of strange daemon
users on your system need what perms.. :)


Gabe Turner		President, ACM @ U of MN

"My dream is that everyone, everywhere in the world
 will know the wonders of my nipples!"
				- Stimpson J. Cat in "Rubber Nipple Salesmen"