Date: Thu, 23 Sep 2004 16:18:21 -0600 From: "Sheets, Jason (OZ CEEDR)" <jason.sheets@hp.com> To: "Andrew" <infofarmer@mail.ru>, <freebsd-questions@freebsd.org> Subject: RE: Ultimately Safe User Account Message-ID: <2D8BB15C7B5C214F81C32D3A83B32736013D45B3@idbexc01.americas.cpqcorp.net>
next in thread | raw e-mail | index | archive | help
I'd suggest sending him a live CD of FreeBSD (LiveBSD at http://www.livebsd.com) or Linux (Knoppix at http://www.knoppix.org) are very good. This will keep him on his own hardware and let him become familiar with BSD in a fairly safe environment. When he feels comfortable he can attempt a full install on his hardware. Alternatively if he is just wanting to become proficient on the command line he can install Cygwin (http://www.cygwin.com) on Windows and Linux-like environment right on Windows and then progress to the real thing. I'd go with any of the above before giving him remote access but If you are deadest on allowing him access to your system look at man jail man security man login.conf Jason > -----Original Message----- > From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd- > questions@freebsd.org] On Behalf Of Andrew > Sent: Thursday, September 23, 2004 1:30 PM > To: freebsd-questions@freebsd.org > Subject: Ultimately Safe User Account >=20 > Hi, >=20 > I have a production FreeBSD box. My friend is starting to learn Unix > essentials and is asking me for an account. He doesn't require any > special rights, but he certainly wants to be able to use shell and read > most manual pages. He'll access the server via Internet, SSH. >=20 > How can I create an account, so that it is completely safe to let him > in? How can I jail/chroot him and do I need to do it this way? I want to > limit everything: disk space (~500Mb), RAM (~10%), processes (~30), cpu > (~5-10%), _internet connectivity_ (bandwidth is expensive and he must > not be able to download much). He is new to Unix but I have to suppose > that somebody very experienced can steal his account info. >=20 > I'd be glad if he had only very basic ls, cp, mv, as well as sh and vi. > I don't want him to have any browser or fetch-like utility. >=20 > I know that letting somebody log in is already a security hole, but I > want to minimize the risks. >=20 >=20 > Thanks, > Andrew P. >=20 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2D8BB15C7B5C214F81C32D3A83B32736013D45B3>