Re: security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/12/2010 08:40 AM, roland wrote:
> I would like to give someone a login on my server.
> But, I would like to limit access to his home dir.
> 
> With Nautilus, Konqueror or from distance with p.e. Winscp, this person  
> could see what he wants and do maybe the unexpected.
> 
> Can I prevent him from moving somehow? (whatever version of Fedora)
> 

You could limit him somewhat using guest or xguest user with SELinux.

# semanage login -a -s guest_u USERNAME

guest_u allows him to ssh onto your machine and locks him down, so he
can not execute setuid apps, or use network ports.

xguest_u allows him to login via X and use http ports.

These confined users prevent a lot of access on the machine, but not
necessarily everything.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxkD10ACgkQrlYvE4MpobMnHgCgw15uYBCwDIUFoMYcHImrFlag
pzQAoK4lESFH6ws8n55UaQCiUMymsWHC
=BVYo
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux