create a restricted user
Scot L. Harris
webid at cfl.rr.com
Sun Feb 6 03:44:54 UTC 2005
On Sat, 2005-02-05 at 22:10, Gain Paolo Mureddu wrote:
> Scot L. Harris wrote:
>
> >You found the big problem with giving someone access to a program, most
> >times they can find a way to escape that program and get a shell prompt.
> >
> >
> Shouldn't /bin/null help here to avoid giving them a shell?
That should keep them from logging in at all. Which is very secure. :)
The problem is that in order to run the browser I think you have to have
a shell running. I suspect if you put the browser in place of the shell
in the passwd file it would not work. (might be worth a quick test
though)
I really think the best option is to try and setup chrooted access. If
they manage to get a shell prompt they are restricted in what they can
access.
--
Scot L. Harris
webid at cfl.rr.com
Forty two.
More information about the users
mailing list