On 08/12/2010 10:12 AM, Daniel J Walsh wrote: > On 08/12/2010 08:40 AM, roland wrote: >> I would like to give someone a login on my server. >> But, I would like to limit access to his home dir. > >> With Nautilus, Konqueror or from distance with p.e. Winscp, this person >> could see what he wants and do maybe the unexpected. > >> Can I prevent him from moving somehow? (whatever version of Fedora) > > > You could limit him somewhat using guest or xguest user with SELinux. > > # semanage login -a -s guest_u USERNAME > > guest_u allows him to ssh onto your machine and locks him down, so he > can not execute setuid apps, or use network ports. > > xguest_u allows him to login via X and use http ports. > > These confined users prevent a lot of access on the machine, but not > necessarily everything. > You may also want to consider setting his shell to rbash. See the "RESTRICTED SHELL" section of the bash man page. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
