From owner-freebsd-questions@FreeBSD.ORG Tue Jul 28 08:32:55 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D9A2F106566B for ; Tue, 28 Jul 2009 08:32:55 +0000 (UTC) (envelope-from miklosovic.freebsd@gmail.com) Received: from mail-bw0-f219.google.com (mail-bw0-f219.google.com [209.85.218.219]) by mx1.freebsd.org (Postfix) with ESMTP id 6669F8FC0C for ; Tue, 28 Jul 2009 08:32:55 +0000 (UTC) (envelope-from miklosovic.freebsd@gmail.com) Received: by bwz19 with SMTP id 19so3022580bwz.43 for ; Tue, 28 Jul 2009 01:32:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=MZtfQ0lIjNIQD0ZXdCH9g9N5T6R9yK69sasmHRzk6k8=; b=MIMrItb78QKGj6edRBQfaCqoVI9AXE6N8GinDz8zLnV15iEjR/T90BdPLH7hwvlxGK 3j8rAWOuCOQOJVyyacpFPwf5Z9l9WzzymUi16H/pQMkZJ/xgDnXREZglhhZalpMGSFCX vhrN4aKOZMypxc4OI4WsgJudJCJiOCh8xaXyI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=x8y6qeusrWSO41G8i7k5ayv5ZRadIYpOusiUTxPIK+jIorJPm3SSG+R5wgwsh2XKXk QZzq5c7TQdJpyUrFOX3jFG1onAOcKTJOUULFW8od+sOgV3eX6e7q37RpWUFfVWBAq0G+ avlsMOdxKqVevbIgQl6JylvwfMVOiDbmzOtss= MIME-Version: 1.0 Received: by 10.103.189.8 with SMTP id r8mr3756085mup.11.1248769974300; Tue, 28 Jul 2009 01:32:54 -0700 (PDT) Date: Tue, 28 Jul 2009 10:32:53 +0200 Message-ID: From: Stefan Miklosovic To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: close users in jail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2009 08:32:56 -0000 hi all, I am going to do some research in area of creating server in educational sphere, for example for some computer course at an university. At this server, there would be a > lot < of users (in tens, even hundreds) and I am also going to write some kind of shell script, which all of this does automatically. (something like pw but it makes as lot of accounts as I want to). At this configuration, it is inevitable to secure some tries of hacking and security attacks on the main system. I would like to get all users into jail (jail in computer :D) I know, if server has good security policy, I shouldn't be afraid, but in the end of course, I can delete all of that stuff very easily. It is a good idea? Some pros / cons ? I would like to get into jail also essential services, apache, ftp, quotas. The biggest "why" I want to do this that way is a fact there are some other important services at the main server. thank you in advance for response