From owner-freebsd-questions@FreeBSD.ORG Thu Feb 8 10:18:17 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 64F4E16A400 for ; Thu, 8 Feb 2007 10:18:17 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124]) by mx1.freebsd.org (Postfix) with ESMTP id 168F013C441 for ; Thu, 8 Feb 2007 10:18:15 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: (qmail 19927 invoked from network); 8 Feb 2007 21:18:15 +1100 Received: from 203-206-230-187.dyn.iinet.net.au (HELO localhost) (203.206.230.187) by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Feb 2007 21:18:15 +1100 Date: Thu, 8 Feb 2007 21:18:10 +1100 From: Norberto Meijome To: David Schulz Message-ID: <20070208211810.568b6d30@localhost> In-Reply-To: <8845689B-F8CA-4CEB-A712-244AA7578B14@tca-cable-connector.com> References: <8845689B-F8CA-4CEB-A712-244AA7578B14@tca-cable-connector.com> X-Mailer: Claws Mail 2.7.2 (GTK+ 2.10.9; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: FreeBSD Questions Subject: Re: User Monitoring X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 10:18:17 -0000 On Tue, 6 Feb 2007 14:09:55 +0800 David Schulz wrote: > Hello all, > > i would like to provide a SSH Login for selected people on a > dedicated Machine, to be a little bit of a playground to some who > dont have any Unix experience and so on. > > Without a doubt i will get the one or the other trying to do > something nasty to the Box, so my question is how to keep track of > what Users are doing? Using process accounting as described http:// > www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security- > accounting.html in the handbook? > > Can you share some easy to implement tricks to keep the worst from > happening to my Machine? Hello :) I think you really have 2 issues : 1) how to prevent them breaking havoc on your machine. 2) how to know what they are doing. 2) : answered on the other posts. 1) normal users shouldn't have access to break many things (nothing system related actually)..but, since paranoid we must be, why not just install a jail (or set of jails if you want to provide for maximum separation) and give them access to the jails ? They'll be able to do most stuff a newbie would do (and an advanced user too :) ) , and u can even give them root in the jail :). Best, _________________________ {Beto|Norberto|Numard} Meijome What you are afraid to do is a clear indicator of the next thing you need to do. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.