From: "Sheets, Jason (OZ CEEDR)"
To: "Andrew" ,
Date: Thu, 23 Sep 2004 16:18:21 -0600
Subject: RE: Ultimately Safe User Account
Message-ID: <2D8BB15C7B5C214F81C32D3A83B32736013D45B3@idbexc01.americas.cpqcorp.net>

I'd suggest sending him a live CD of FreeBSD (LiveBSD at http://www.livebsd.com) or Linux (Knoppix at http://www.knoppix.org); both are very good. This will keep him on his own hardware and let him become familiar with BSD in a fairly safe environment.

When he feels comfortable he can attempt a full install on his hardware. Alternatively, if he is just wanting to become proficient on the command line he can install Cygwin (http://www.cygwin.com) on Windows and have a Linux-like environment right on Windows and then progress to the real thing.

I'd go with any of the above before giving him remote access, but if you are dead set on allowing him access to your system, look at:

man jail
man security
man login.conf

Jason

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-
> questions@freebsd.org] On Behalf Of Andrew
> Sent: Thursday, September 23, 2004 1:30 PM
> To: freebsd-questions@freebsd.org
> Subject: Ultimately Safe User Account
>
> Hi,
>
> I have a production FreeBSD box. My friend is starting to learn Unix
> essentials and is asking me for an account. He doesn't require any
> special rights, but he certainly wants to be able to use shell and read
> most manual pages. He'll access the server via Internet, SSH.
>
> How can I create an account, so that it is completely safe to let him
> in? How can I jail/chroot him and do I need to do it this way? I want to
> limit everything: disk space (~500Mb), RAM (~10%), processes (~30), cpu
> (~5-10%), _internet connectivity_ (bandwidth is expensive and he must
> not be able to download much). He is new to Unix but I have to suppose
> that somebody very experienced can steal his account info.
>
> I'd be glad if he had only very basic ls, cp, mv, as well as sh and vi.
> I don't want him to have any browser or fetch-like utility.
>
> I know that letting somebody log in is already a security hole, but I
> want to minimize the risks.
>
>
> Thanks,
> Andrew P.
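
A login class of the kind login.conf(5) supports, sketched against the limits listed in the quoted question; this is an added example and is not part of either message. The class name `restricted` and every value except the 30-process cap are assumptions chosen for illustration.

```conf
# /etc/login.conf fragment (added example; class name and values are assumptions)
#
# Limits apply per process unless noted. login.conf cannot express
# "10% of RAM", "5-10% CPU", a 500 MB disk total or a bandwidth cap.
# The first two are approximated below; a disk total needs filesystem
# quotas, and network limits are outside login.conf entirely.
#
#   maxproc       30 simultaneous processes for the user (from the question)
#   datasize      heap per process (constructed value)
#   stacksize     stack per process (constructed value)
#   memoryuse     resident set per process (constructed value)
#   cputime       total CPU time a single process may consume
#   filesize      largest single file the user can write
#   coredumpsize  0 disables core dumps
#   openfiles     file descriptors per process
#   priority      nice value, so his jobs yield to production work
#   umask         new files are private to the account
#   tc=default    inherit everything else from the default class
restricted:\
	:maxproc=30:\
	:datasize=64M:\
	:stacksize=8M:\
	:memoryuse=64M:\
	:cputime=10m:\
	:filesize=100M:\
	:coredumpsize=0:\
	:openfiles=64:\
	:priority=10:\
	:umask=077:\
	:tc=default:
```

After editing the file, rebuild the capability database with `cap_mkdb /etc/login.conf` and put the account in the class with `pw usermod <user> -L restricted`. The limits take effect at the user's next login.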