Mikkel mikkel at
Thu Aug 12 18:30:51 UTC 2010

On 08/12/2010 10:12 AM, Daniel J Walsh wrote:
> On 08/12/2010 08:40 AM, roland wrote:
>> I would like to give someone a login on my server.
>> But, I would like to limit access to his home dir.
>> With Nautilus, Konqueror or from distance with p.e. Winscp, this person  
>> could see what he wants and do maybe the unexpected.
>> Can I prevent him from moving somehow? (whatever version of Fedora)
> You could limit him somewhat using guest or xguest user with SELinux.
> # semanage login -a -s guest_u USERNAME
> guest_u allows him to ssh onto your machine and locks him down, so he
> can not execute setuid apps, or use network ports.
> xguest_u allows him to login via X and use http ports.
> These confined users prevent a lot of access on the machine, but not
> necessarily everything.
You may also want to consider setting his shell to rbash. See the
"RESTRICTED SHELL" section of the bash man page.


  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
Url : 

More information about the users mailing list