System Lockdown

[Mike McCarty]

Jim Douglas wrote:
> I plan on allowing a user to remotely login to my linux box with a GUI.
> 
> How can I best lockdown the system so the can't do any damage?
> 
> 
> (I know there's a lot to do, links would be appreciated.)

Please define "so they can't do any damage". One possibility is to
make them run with a restricted shell. Another is to provide your
own shell. Another might be to make them run in a chroot environment.
What are you trying to protect against? Until you answer that question,
you cannot take steps to prevent "damage". So, define "damage", and
then you can take steps. Also, ask yourself "How much effort and
money am I willing to spend?"

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!