Ok.. >From what you are saying, you're implying that security is simply a matter of not giving the user root access... I'm not sure I'm buying that. If security where that easy, there would be no real issues surrounding creating a secure system. I'm trying to find information from guys who have created secure systems, who can provide insight into the issues with chroot, etc... Resources who can discuss the various pros/cons of a given security strategy... As I pointed out, I'm considering letting users into my machines, so I'd like to know what this really entails.... Thanks -Bruce bedouglas@xxxxxxxxxxxxx -----Original Message----- From: redhat-list-admin@xxxxxxxxxx [mailto:redhat-list-admin@xxxxxxxxxx]On Behalf Of Ed Greshko Sent: Thursday, December 04, 2003 10:17 PM To: Redhat-list@xxxxxxxxxx Subject: RE: Security Issues.... On Fri, 2003-12-05 at 12:11, bruce wrote: > We're looking for what has to be done to set up a secure environment for a > development process. Define "secure". :-) If you create your users with unique uid/gid values (as is the default when adding users) they will be generally restricted from writing to any area other than what is below their home directory starting point. Yes, they will have access to /tmp. They could write and execute their programs just fine as long as they aren't writing code that needs a higher level of system access. For example, if they are writing code where they needed to bind to the network card on port 44 then they would need a higher level of access, a.k.a. root, and this can be dangerous...and is certainly insecure. So, don't give your users root access and they would have to try really hard to muck up your systems. Ed > > Thanks > > -Bruce > bedouglas@xxxxxxxxxxxxx > > > -----Original Message----- > From: redhat-list-admin@xxxxxxxxxx > [mailto:redhat-list-admin@xxxxxxxxxx]On Behalf Of Michael Burger > Sent: Thursday, December 04, 2003 7:54 PM > To: redhat-list@xxxxxxxxxx > Subject: Re: Security Issues.... > > > http://www.openssh.org/ if you want shell access > > Mike > > On Thursday 04 December 2003 10:09 pm, bruce wrote: > > Hi.. > > > > I'm relatively new to Linux, but I have a few questions concerning > > security. If there is a better/more appropriate site, I'd appreciate being > > pointed in that direction... > > > > I'm looking at setting up a few machines to allow users to access the > > machines and perform development work on the machines. By development, I > > mean the ability to actually run various scripting languages > > (Perl/PHP/etc...) and the ability to actually build/compile/run their > C/C++ > > apps.... > > > > My question has to do with the problem of creating an environment that's > > reasonably secure. Is there a way/ways to create this kind of environment > > such that a user can essentially have his/her own space and not somehow > > screw up the system. Are there pointers that you can provide to give me a > > better high level understanding of what this kind of environment would > > entail... > > > > I've done the Google thing but I have a lot more questions... > > > > Thanks in advance for any help/assistance with this issue... > > > > Hey... If you live close to me, I'd even buy you lunch!!! > > > > Thanks > > > > Bruce Douglas > > bedouglas@xxxxxxxxxxxxx > > (925) 866-2790 > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- "An opinion is like an asshole - everybody has one." - Clint Eastwood as Harry Callahan, The Dead Pool - 1988. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
