Re: create a restricted user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2005-02-05 at 19:28, Zacharie Elcor wrote:
> I want to create a restricted user without password that can only use
> a web browser.
> I added a user named "visitor" and created in his home dir a file
> .xsession that contains:
> 
> firefox
> 
> so that when he logs in, firefox is launched, and when he closes
> firefox, he is logged out.
> This works fine but he is still able to ctrl+alt+F(1-6) and log in to
> browse the file system.
> 
> To prevent that, I tried to set /bin/false as the default shell for
> that user in /etc/passwd but this also prevented him to log in
> graphically.
> 
> Is there a way to be sure that "visitor" will only be able to browse
> the web and not the file system ? any security issues ?
> 
> Thanks for help

You found the big problem with giving someone access to a program, most
times they can find a way to escape that program and get a shell prompt.

You should probably look at setting of a chroot jail for that user.  If
they do get to a shell prompt they will not really have access to the
real system.  Solaris 10 has a very nice system for creating multiple
virtual systems on a box that are segregated from everything else. 
Similar type thing can be setup under linux but not as easy.

Of course if you have a user that you don't trust with shell access why
do you want to give them browser access?  

-- 
Scot L. Harris
webid@xxxxxxxxxx

A day without sunshine is like night. 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux