-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom has already told you what the best approach would be. However, let me try to specifically answer your questions. On Thu, Sep 18, 2008 at 12:39:40PM -0600, Tyler Littlefield wrote: > I would, however like to limit them in disk space (I can figure that one out), Ok. > in port usage (not sure how to do this one, would like to limit what ports they can open), The only thing I can think of for that is the obvious, a firewall. However, that would apply to everyone on the system. There is something called owner match support, when you're configuring the firewall stuff in the kernel, however, I'm not sure if that does what it actually suggests, or something else. Sorry, that's all I can tell you there, maybe a firewall howto somewhere would tell you more. > programs they can run, The best way I can think of to do that, is to create a group on your system, where all the binaries you want users to access are a part of that group. Then, add the users you want to be able to access those binaries to that group as well, and leave the rest binaries/users out. On my debian system, there is a group called bin, but most of my binaries are in root's group. I'm not sure if the bin group is reserved for something else, or if it is there for what its name suggests, and it's up to the system admin to use it as he/she wishes. > and also what they can view on the system. You need to be more specific. What do you want them to be able to view, man pages, text files, contents of specific directories, what? Greg - -- web site: http://www.romuald.net.eu.org gpg public key: http://www.romuald.net.eu.org/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) - -- Free domains: http://www.eu.org/ or mail dns-manager at EU.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjUG8gACgkQ7s9z/XlyUyDY8QCeMyiUbYUWG+XeixZqmeq2vnxW zckAoLvhv/znPYpTPB1hr6BxFVZl81/r =+v8G -----END PGP SIGNATURE-----
