Re: create a restricted user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Feb 06, 2005 at 01:28:50AM +0100, Zacharie Elcor wrote:
> I added a user named "visitor" and created in his home dir a file
> .xsession that contains:
> firefox
> so that when he logs in, firefox is launched, and when he closes
> firefox, he is logged out.

I'd suggest something like

metacity &
firefox

so that you can actually get managed windows. You'll want to use the gnome
keyboard configurator though, to make sure there aren't surprise keystrokes
that launch apps or anything. (Metacity might not be the best choice, but
it's easily available.)

> This works fine but he is still able to ctrl+alt+F(1-6) and log in to
> browse the file system.
> To prevent that, I tried to set /bin/false as the default shell for
> that user in /etc/passwd but this also prevented him to log in
> graphically.

Instead, add this section (anywhere) in /etc/X11/xorg.conf:

Section "ServerFlags"
       Option "DontVTSwitch" "On"
EndSection



> Is there a way to be sure that "visitor" will only be able to browse
> the web and not the file system ? any security issues ?

It's difficult but possible. You'll probably also want to edit the firefox
chrome to strip down what it can access.

-- 
Matthew Miller            mattdm@xxxxxxxxxx        <http://www.mattdm.org/>
-->  Fedora Users & Developers Conference, hosted by Boston University  <--
February 18th, 2005                 <http://fedoraproject.org/wiki/FUDCon1>  


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux