Date: Wed, 2 Mar 2005 13:46:38 -0500 (EST)
From: c0ldbyte
To: Matt
cc: freebsd-hackers@freebsd.org
Subject: Re: retricted environment
In-Reply-To: <4224CF06.7060103@comcast.net>
Message-ID: <20050302134039.G7456@eleanor.us1.wmi.uvac.net>
References: <4224CF06.7060103@comcast.net>

On Tue, 1 Mar 2005, Matt wrote:

> When providing a shell environment for a larger number of users, what is the
> best way to restrict access to commands/resources? I've already set up quotas.
> I don't want users playing with system commands. I've read something about a
> restricted shell, but can't find any details.

Sorry if this is a little too late, but your best bets are (chmod, chown, chflags), also in (/etc/login.conf).
Besides that, it doesn't matter in a normal environment if a reg'd user messes with system commands; they won't be able to change anything with the system anyway, and even if you didn't restrict the commands that they can execute, they just might report to syslog that the $UID was trying to use them and give you a heads up on trying to keep track of the user at hand.

Best of luck: for more great info on FreeBSD and its options, check out freebsd.org/handbook, /faq and http://draenor.org/securebsd/secure.txt

Best of luck

--c0ldbyte
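
The chmod/chown approach named in the reply above, as an added example that is not part of the original message: one function lists the files every user may execute, the other limits chosen files to their owner and one group. The function names and the group are assumptions; chflags and /etc/login.conf are not covered here.

```shell
#!/bin/sh
# Added example, not from the original message.
# Function names, the group and the paths in the usage lines are
# assumptions; try it on a scratch directory before a real one.

# world_exec DIR
# Print every regular file under DIR that "other" users may execute,
# i.e. the commands any shell account on the box can currently run.
world_exec() {
    find "$1" -type f -perm -001 | sort
}

# restrict_to_group GROUP FILE...
# Hand each FILE to GROUP and set mode 0750, so only the owner and
# members of GROUP can execute it. Stops at the first failure so a
# half-applied change is noticed.
restrict_to_group() {
    grp=$1
    shift
    for f in "$@"; do
        chgrp "$grp" "$f" || return 1
        chmod 0750 "$f" || return 1
    done
}

# Typical use (as root, constructed paths):
#   world_exec /usr/local/bin
#   restrict_to_group staff /usr/local/bin/sometool
#   world_exec /usr/local/bin    # sometool is no longer listed
```

Run world_exec before and after a change to confirm exactly which commands left the world-executable set.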