Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 8 Feb 2007 21:18:10 +1100
From:      Norberto Meijome <freebsd@meijome.net>
To:        David Schulz <mailinglists@tca-cable-connector.com>
Cc:        FreeBSD Questions <questions@freebsd.org>
Subject:   Re: User Monitoring
Message-ID:  <20070208211810.568b6d30@localhost>
In-Reply-To: <8845689B-F8CA-4CEB-A712-244AA7578B14@tca-cable-connector.com>
References:  <8845689B-F8CA-4CEB-A712-244AA7578B14@tca-cable-connector.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 6 Feb 2007 14:09:55 +0800
David Schulz <mailinglists@tca-cable-connector.com> wrote:

> Hello all,
> 
> i would like to provide a SSH Login for selected people on a  
> dedicated Machine, to be a little bit of a playground to some who  
> dont have any Unix experience and so on.
> 
> Without a doubt i will get the one or the other trying to do  
> something nasty to the Box, so my question is how to keep track of  
> what Users are doing? Using process accounting as described http:// 
> www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security- 
> accounting.html in the handbook?
> 
> Can you share some easy to implement tricks to keep the worst from  
> happening to my Machine?

Hello :)
I think you really have 2 issues : 
1) how to prevent them breaking havoc on your machine.
2) how to know what they are doing.

2) : answered on the other posts.

1) normal users shouldn't have access to break many things (nothing system
related actually)..but, since paranoid we must be, why not just install a jail
(or set of jails if you want to provide for maximum separation) and give them
access to the jails ? They'll be able to do most stuff a newbie would do (and
an advanced user too :) ) , and u can even give them root in the jail :).

Best,


_________________________
{Beto|Norberto|Numard} Meijome

What you are afraid to do is a clear indicator of the next thing you need to do.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070208211810.568b6d30>