Mailinglist Archive: opensuse-security (605 mails)
Re: [suse-security] restricting user commands
- From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
- Date: Tue, 2 Oct 2001 08:52:38 -0600
- Message-id: <001d01c14b51$e195a740$6400030a@xxxxxxxxxxxx>
> maybe a combination of chrooting, quota, no exec and removed
> binaries is a good way?:)
>
> chroot to save the rest of the machine (yes, i know, chroot
> can be br0ken)
> quota to stop the user from compiling

? So you're not going to let them store data, or use lynx with cookies?

> no exec for the ones who dunno how to exec a bin anyway ;)

Then their chroot will be a bit broken if nothing can exec.

> and removed binaries to restrict the possibilities (like
> no compiler etc.)

Uploading stuff is possible through so many things (sed and awk!).

> another way may be usermode linux .. for every user an own
> system ;) disk space is not very expensive today ...and
> CPU etc. also ... and you can back up this linux from
> the master machine so if somebody killed his box, just
> copy the files back ...

-Kurt