Markus Gaugusch wrote:
As Kurt Seifried already said, it is not a 100% solution. noexec can be circumvented, but for the first try it es not so bad.
maybe a combination of chrooting, quota, no exec and removed binarys is a good way?:) chroot to safe the rest of the maschine (yes, i know, chroot can be br0ken) quota to stops the user from compiling no exec for the ones who dunno how to exec a bin anyway ;) and removed binarys to restrict the possibilities (like no compiler etc.) another way may be usermode linux .. for every user a own system ;) diskspace is not much expensive today ...and CPU etc. also ... and you can backup this linux from the master maschine so if somebody killed his box, just copy the files back ... -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256