On 10/16/2011 08:06 AM, Don Quixote de la Mancha wrote:
>
> Chroot is great for securing certain kinds of things, but if the
> intended user is an administrator, he won't be able to administer any
> of the files outside of his chroot jail.
>
> I'm pretty sure bash doesn't provide a facility like this, but there
> should be a different shell that does.
>
> A simple hack that would work for any shell would be to remove the
> "others execute" permission from all of your executable programs,
> other than the commands you want him to be able to use. You will also
> need to place him in his own group.
>
>    chmod o-x
>
> will do it.
>
> But some daemons run as unprivileged users, either their own username
> or as "nobody". You will need these daemons to be in a group that can
> run the commands.
>
> Wholesale alteration of executable permissions could break your system
> in a big way, though. The permissions might get reset by software
> updates. It's probably best to keep looking for a shell that does
> what you really need.
>
You may want to look at the -r option of bash, or bash invoked as
rbash. Unfortunately, there are ways to get around the restrictions of
rbash, or most other restricted shells.

Mikkel
-- 
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
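What the -r option mentioned in the reply above actually refuses, as an added example that is not part of the original message: the script runs a few probe commands under `bash -r` and reports which ones are blocked. The function names `rbash_blocked` and `rbash_report` and the probe list are illustrative choices, and the script assumes bash is installed and on PATH.

```shell
#!/bin/sh
# Added example: check which actions bash's restricted mode (-r) refuses.
# Each probe runs in its own non-interactive `bash -r`; a non-zero exit
# status means the restriction stopped it.

# rbash_blocked CMD: succeeds (returns 0) when CMD fails under `bash -r`.
rbash_blocked() {
    if bash -r -c "$1" </dev/null >/dev/null 2>&1; then
        return 1    # the command ran, so it was not blocked
    fi
    return 0
}

# rbash_report: print one line per probe; the return value is the number
# of probes that were NOT blocked (0 means every restriction held).
rbash_report() {
    tmp=$(mktemp -d) || return 99
    leaked=0
    while IFS='|' read -r label cmd; do
        if rbash_blocked "$cmd"; then
            echo "blocked  $label"
        else
            echo "ALLOWED  $label"
            leaked=$((leaked + 1))
        fi
    done <<EOF
change directory|cd /
reassign PATH|PATH=/usr/bin
command name containing a slash|/bin/sh -c :
redirect output to a file|echo x > $tmp/out
replace the shell with exec|exec true
turn restricted mode off|set +r
EOF
    rm -rf "$tmp"
    return "$leaked"
}

rbash_report || echo "warning: some restrictions did not hold"
```

Every probe here is a built-in restriction of the shell itself; programs the restricted user is still allowed to run are outside what `-r` controls, so the directory on the account's PATH needs its own review.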