On Sat, 05 Feb 2005 22:44:54 -0500, Scot L. Harris <webid@xxxxxxxxxx> wrote: > On Sat, 2005-02-05 at 22:10, Gain Paolo Mureddu wrote: > > Scot L. Harris wrote: > > > > >You found the big problem with giving someone access to a program, most > > >times they can find a way to escape that program and get a shell prompt. > > > > > > > > Shouldn't /bin/null help here to avoid giving them a shell? > > That should keep them from logging in at all. Which is very secure. :) > > The problem is that in order to run the browser I think you have to have > a shell running. I suspect if you put the browser in place of the shell > in the passwd file it would not work. (might be worth a quick test > though) > > I really think the best option is to try and setup chrooted access. If > they manage to get a shell prompt they are restricted in what they can > access. If I chroot the restricted user, what are the minimum commands that should be available in order for him to be able to run firefox ? is a shell required ? > > -- > Scot L. Harris > webid@xxxxxxxxxx > > Forty two. > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >
