security
Mikkel
mikkel at infinity-ltd.com
Thu Aug 12 18:30:51 UTC 2010
On 08/12/2010 10:12 AM, Daniel J Walsh wrote:
> On 08/12/2010 08:40 AM, roland wrote:
>> I would like to give someone a login on my server.
>> But, I would like to limit access to his home dir.
>
>> With Nautilus, Konqueror or from distance with p.e. Winscp, this person
>> could see what he wants and do maybe the unexpected.
>
>> Can I prevent him from moving somehow? (whatever version of Fedora)
>
>
> You could limit him somewhat using guest or xguest user with SELinux.
>
> # semanage login -a -s guest_u USERNAME
>
> guest_u allows him to ssh onto your machine and locks him down, so he
> can not execute setuid apps, or use network ports.
>
> xguest_u allows him to login via X and use http ports.
>
> These confined users prevent a lot of access on the machine, but not
> necessarily everything.
>
You may also want to consider setting his shell to rbash. See the
"RESTRICTED SHELL" section of the bash man page.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20100812/92663bdb/attachment.bin
More information about the users
mailing list