* making secure limitations for non-root users
@ Tyler Littlefield
` Tom Moore
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Tyler Littlefield @ UTC (permalink / raw)
To: Speakup is a screen review system for Linux.
Hello,
I've got a quick couple of questions:
First, I'd like to allow users to connect and host a mud on my system.
I would, however like to limit them in disk space (I can figure that one out), in port usage (not sure how to do this one, would like to limit what ports they can open), programs they can run, and also what they can view on the system.
Any ideas?
Thanks,
_|_|_|_|_| _| _|_|_|_|
_| _|_|_| _| _|_|_|
_| _| _| _|_|_| _|
_| _| _| _| _|
_| _| _| _|_|_|_| _|_|_|
Visit TDS for quality software and website production
http://tysdomain.com
msn: tyler@tysdomain.com
aim: st8amnd2005
skype: st8amnd127
^ permalink raw reply [flat|nested] 9+ messages in thread* RE: making secure limitations for non-root users making secure limitations for non-root users Tyler Littlefield @ ` Tom Moore ` Tyler Littlefield ` Gregory Nowak ` Tony Baechler 2 siblings, 1 reply; 9+ messages in thread From: Tom Moore @ UTC (permalink / raw) To: 'Speakup is a screen review system for Linux.' I don't quite remember the name of a kernel patch that has some things in it that will allow you to tighten down your system far better than the normal kernel when it comes to limiting users. First off, you shouldn't allow users to run server type processes unless you have too. You should run them, then grant the user access to read log files from the processes and such. This is so that you know all services / processes that are running on your machine. Tom -----Original Message----- From: speakup-bounces@braille.uwo.ca [mailto:speakup-bounces@braille.uwo.ca] On Behalf Of Tyler Littlefield Sent: Thursday, September 18, 2008 2:40 PM To: Speakup is a screen review system for Linux. Subject: making secure limitations for non-root users Hello, I've got a quick couple of questions: First, I'd like to allow users to connect and host a mud on my system. I would, however like to limit them in disk space (I can figure that one out), in port usage (not sure how to do this one, would like to limit what ports they can open), programs they can run, and also what they can view on the system. Any ideas? Thanks, _|_|_|_|_| _| _|_|_|_| _| _|_|_| _| _|_|_| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _| _|_|_|_| _|_|_| Visit TDS for quality software and website production http://tysdomain.com msn: tyler@tysdomain.com aim: st8amnd2005 skype: st8amnd127 _______________________________________________ Speakup mailing list Speakup@braille.uwo.ca http://speech.braille.uwo.ca/mailman/listinfo/speakup ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: making secure limitations for non-root users ` Tom Moore @ ` Tyler Littlefield 0 siblings, 0 replies; 9+ messages in thread From: Tyler Littlefield @ UTC (permalink / raw) To: Speakup is a screen review system for Linux. hello, the service is going to be a mud based service, there are many muds out there, and people might install patches, etc. Thanks, _|_|_|_|_| _| _|_|_|_| _| _|_|_| _| _|_|_| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _| _|_|_|_| _|_|_| Visit TDS for quality software and website production http://tysdomain.com msn: tyler@tysdomain.com aim: st8amnd2005 skype: st8amnd127 ----- Original Message ----- From: "Tom Moore" <tom@tomstroubleshooting.com> To: "'Speakup is a screen review system for Linux.'" <speakup@braille.uwo.ca> Sent: Friday, September 19, 2008 3:14 PM Subject: RE: making secure limitations for non-root users >I don't quite remember the name of a kernel patch that has some things in >it > that will allow you to tighten down your system far better than the normal > kernel when it comes to limiting users. > > First off, you shouldn't allow users to run server type processes unless > you > have too. You should run them, then grant the user access to read log > files > from the processes and such. This is so that you know all services / > processes that are running on your machine. > > Tom > > -----Original Message----- > From: speakup-bounces@braille.uwo.ca > [mailto:speakup-bounces@braille.uwo.ca] > On Behalf Of Tyler Littlefield > Sent: Thursday, September 18, 2008 2:40 PM > To: Speakup is a screen review system for Linux. > Subject: making secure limitations for non-root users > > Hello, > I've got a quick couple of questions: > First, I'd like to allow users to connect and host a mud on my system. > I would, however like to limit them in disk space (I can figure that one > out), in port usage (not sure how to do this one, would like to limit what > ports they can open), programs they can run, and also what they can view > on > the system. > Any ideas? > > > Thanks, > _|_|_|_|_| _| _|_|_|_| > _| _|_|_| _| _|_|_| > _| _| _| _|_|_| _| > _| _| _| _| _| > _| _| _| _|_|_|_| _|_|_| > Visit TDS for quality software and website production > http://tysdomain.com > msn: tyler@tysdomain.com > aim: st8amnd2005 > skype: st8amnd127 > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > __________ NOD32 3457 (20080919) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: making secure limitations for non-root users making secure limitations for non-root users Tyler Littlefield ` Tom Moore @ ` Gregory Nowak ` Tyler Littlefield ` Tony Baechler 2 siblings, 1 reply; 9+ messages in thread From: Gregory Nowak @ UTC (permalink / raw) To: Speakup is a screen review system for Linux. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom has already told you what the best approach would be. However, let me try to specifically answer your questions. On Thu, Sep 18, 2008 at 12:39:40PM -0600, Tyler Littlefield wrote: > I would, however like to limit them in disk space (I can figure that one out), Ok. > in port usage (not sure how to do this one, would like to limit what ports they can open), The only thing I can think of for that is the obvious, a firewall. However, that would apply to everyone on the system. There is something called owner match support, when you're configuring the firewall stuff in the kernel, however, I'm not sure if that does what it actually suggests, or something else. Sorry, that's all I can tell you there, maybe a firewall howto somewhere would tell you more. > programs they can run, The best way I can think of to do that, is to create a group on your system, where all the binaries you want users to access are a part of that group. Then, add the users you want to be able to access those binaries to that group as well, and leave the rest binaries/users out. On my debian system, there is a group called bin, but most of my binaries are in root's group. I'm not sure if the bin group is reserved for something else, or if it is there for what its name suggests, and it's up to the system admin to use it as he/she wishes. > and also what they can view on the system. You need to be more specific. What do you want them to be able to view, man pages, text files, contents of specific directories, what? Greg - -- web site: http://www.romuald.net.eu.org gpg public key: http://www.romuald.net.eu.org/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) - -- Free domains: http://www.eu.org/ or mail dns-manager@EU.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjUG8gACgkQ7s9z/XlyUyDY8QCeMyiUbYUWG+XeixZqmeq2vnxW zckAoLvhv/znPYpTPB1hr6BxFVZl81/r =+v8G -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: making secure limitations for non-root users ` Gregory Nowak @ ` Tyler Littlefield ` Tom Moore ` Jim Kutsch 0 siblings, 2 replies; 9+ messages in thread From: Tyler Littlefield @ UTC (permalink / raw) To: Speakup is a screen review system for Linux. I'll dig around for that kernel patch. Like, limiting them to viewing home dirs, other people's dirs. I can do chmod a-r /home, and then chmod o-rx /home/user, but would there be anything else I'd need to limit for security reasons? I'd not like to scrue up perms on logs, but would rather not them see /var/log. Thanks, _|_|_|_|_| _| _|_|_|_| _| _|_|_| _| _|_|_| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _| _|_|_|_| _|_|_| Visit TDS for quality software and website production http://tysdomain.com msn: tyler@tysdomain.com aim: st8amnd2005 skype: st8amnd127 ----- Original Message ----- From: "Gregory Nowak" <greg@romuald.net.eu.org> To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca> Sent: Friday, September 19, 2008 3:38 PM Subject: Re: making secure limitations for non-root users > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tom has already told you what the best approach would be. However, let > me try to specifically answer your questions. > > On Thu, Sep 18, 2008 at 12:39:40PM -0600, Tyler Littlefield wrote: >> I would, however like to limit them in disk space (I can figure that > one out), > > Ok. > >> in port usage (not sure how to do this one, would like to limit what > ports they can open), > > The only thing I can think of for that is the obvious, a > firewall. However, that would apply to everyone on the system. There > is something called owner match support, when you're configuring the > firewall stuff in the kernel, however, I'm not sure if that does what > it actually suggests, or something else. Sorry, that's all I can tell > you there, maybe a firewall howto somewhere would tell you more. > >> programs they can run, > > The best way I can think of to do that, is to create a group on your > system, where all the binaries you want users to access are a part of > that group. Then, add the users you want to be able to access those > binaries to that group as well, and leave the rest binaries/users > out. On my debian system, there is a group called bin, but most of my > binaries are in root's group. I'm not sure if the bin group is > reserved for something else, or if it is there for what its name > suggests, and it's up to the system admin to use it as he/she wishes. > >> and also what they can view on the system. > > You need to be more specific. What do you want them to be able to > view, man pages, text files, contents of specific directories, what? > > Greg > > > - -- > web site: http://www.romuald.net.eu.org > gpg public key: http://www.romuald.net.eu.org/pubkey.asc > skype: gregn1 > (authorization required, add me to your contacts list first) > > - -- > Free domains: http://www.eu.org/ or mail dns-manager@EU.org > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkjUG8gACgkQ7s9z/XlyUyDY8QCeMyiUbYUWG+XeixZqmeq2vnxW > zckAoLvhv/znPYpTPB1hr6BxFVZl81/r > =+v8G > -----END PGP SIGNATURE----- > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > __________ NOD32 3457 (20080919) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: making secure limitations for non-root users ` Tyler Littlefield @ ` Tom Moore ` Jim Kutsch 1 sibling, 0 replies; 9+ messages in thread From: Tom Moore @ UTC (permalink / raw) To: 'Speakup is a screen review system for Linux.' By default users can not read files in /var/log so you don't have to worry about that. If your running a system and don't trust the users who you are allowing on to the system not to do anything wrong while you yourself are still learning how to secure the system up you could be asking for real trouble. Remember as a residential user and this may to apply to business users as well you are responsible for anything that goes in to or out of your internet connection, and if you don't trust who is actively using it at the end of the day it could be your head on the chopping block when it comes to issues with your isp. Tom -----Original Message----- From: speakup-bounces@braille.uwo.ca [mailto:speakup-bounces@braille.uwo.ca] On Behalf Of Tyler Littlefield Sent: Friday, September 19, 2008 5:40 PM To: Speakup is a screen review system for Linux. Subject: Re: making secure limitations for non-root users I'll dig around for that kernel patch. Like, limiting them to viewing home dirs, other people's dirs. I can do chmod a-r /home, and then chmod o-rx /home/user, but would there be anything else I'd need to limit for security reasons? I'd not like to scrue up perms on logs, but would rather not them see /var/log. Thanks, _|_|_|_|_| _| _|_|_|_| _| _|_|_| _| _|_|_| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _| _|_|_|_| _|_|_| Visit TDS for quality software and website production http://tysdomain.com msn: tyler@tysdomain.com aim: st8amnd2005 skype: st8amnd127 ----- Original Message ----- From: "Gregory Nowak" <greg@romuald.net.eu.org> To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca> Sent: Friday, September 19, 2008 3:38 PM Subject: Re: making secure limitations for non-root users > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tom has already told you what the best approach would be. However, let > me try to specifically answer your questions. > > On Thu, Sep 18, 2008 at 12:39:40PM -0600, Tyler Littlefield wrote: >> I would, however like to limit them in disk space (I can figure that > one out), > > Ok. > >> in port usage (not sure how to do this one, would like to limit what > ports they can open), > > The only thing I can think of for that is the obvious, a > firewall. However, that would apply to everyone on the system. There > is something called owner match support, when you're configuring the > firewall stuff in the kernel, however, I'm not sure if that does what > it actually suggests, or something else. Sorry, that's all I can tell > you there, maybe a firewall howto somewhere would tell you more. > >> programs they can run, > > The best way I can think of to do that, is to create a group on your > system, where all the binaries you want users to access are a part of > that group. Then, add the users you want to be able to access those > binaries to that group as well, and leave the rest binaries/users > out. On my debian system, there is a group called bin, but most of my > binaries are in root's group. I'm not sure if the bin group is > reserved for something else, or if it is there for what its name > suggests, and it's up to the system admin to use it as he/she wishes. > >> and also what they can view on the system. > > You need to be more specific. What do you want them to be able to > view, man pages, text files, contents of specific directories, what? > > Greg > > > - -- > web site: http://www.romuald.net.eu.org > gpg public key: http://www.romuald.net.eu.org/pubkey.asc > skype: gregn1 > (authorization required, add me to your contacts list first) > > - -- > Free domains: http://www.eu.org/ or mail dns-manager@EU.org > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkjUG8gACgkQ7s9z/XlyUyDY8QCeMyiUbYUWG+XeixZqmeq2vnxW > zckAoLvhv/znPYpTPB1hr6BxFVZl81/r > =+v8G > -----END PGP SIGNATURE----- > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > __________ NOD32 3457 (20080919) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > _______________________________________________ Speakup mailing list Speakup@braille.uwo.ca http://speech.braille.uwo.ca/mailman/listinfo/speakup ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: making secure limitations for non-root users ` Tyler Littlefield ` Tom Moore @ ` Jim Kutsch ` Tyler Littlefield 1 sibling, 1 reply; 9+ messages in thread From: Jim Kutsch @ UTC (permalink / raw) To: Speakup is a screen review system for Linux. In the 1980s, I had a Unix system connected to a ham radio via packet radio interface hardware. I was using it myself but wanted the users via radio to run email and Netnews and be isolated from the rest of the system where I kept my stuff. I set up a chroot environment in which users had a very little piece of the entire system. It required only an amazingly few things to be available in the root of the chroot directory. If I remember correctly, I had to have /etc/passwd, /etc/group, /etc/getty, a few things in /bin and /usr/bin, and the software I allowed these remote users to access. There was even a login called "newuser" with no password that ran a customized add user script so a user could create his/her own account. Since you are learning Linux, I'd recommend you go explore chroot and start thinking about how very little you really need in the isolated environment. Have fun. Jim ----- Original Message ----- From: "Tyler Littlefield" <tyler@tysdomain.com> To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca> Sent: Friday, September 19, 2008 5:40 PM Subject: Re: making secure limitations for non-root users I'll dig around for that kernel patch. Like, limiting them to viewing home dirs, other people's dirs. I can do chmod a-r /home, and then chmod o-rx /home/user, but would there be anything else I'd need to limit for security reasons? I'd not like to scrue up perms on logs, but would rather not them see /var/log. Thanks, _|_|_|_|_| _| _|_|_|_| _| _|_|_| _| _|_|_| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _| _|_|_|_| _|_|_| Visit TDS for quality software and website production http://tysdomain.com msn: tyler@tysdomain.com aim: st8amnd2005 skype: st8amnd127 ----- Original Message ----- From: "Gregory Nowak" <greg@romuald.net.eu.org> To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca> Sent: Friday, September 19, 2008 3:38 PM Subject: Re: making secure limitations for non-root users > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tom has already told you what the best approach would be. However, let > me try to specifically answer your questions. > > On Thu, Sep 18, 2008 at 12:39:40PM -0600, Tyler Littlefield wrote: >> I would, however like to limit them in disk space (I can figure that > one out), > > Ok. > >> in port usage (not sure how to do this one, would like to limit what > ports they can open), > > The only thing I can think of for that is the obvious, a > firewall. However, that would apply to everyone on the system. There > is something called owner match support, when you're configuring the > firewall stuff in the kernel, however, I'm not sure if that does what > it actually suggests, or something else. Sorry, that's all I can tell > you there, maybe a firewall howto somewhere would tell you more. > >> programs they can run, > > The best way I can think of to do that, is to create a group on your > system, where all the binaries you want users to access are a part of > that group. Then, add the users you want to be able to access those > binaries to that group as well, and leave the rest binaries/users > out. On my debian system, there is a group called bin, but most of my > binaries are in root's group. I'm not sure if the bin group is > reserved for something else, or if it is there for what its name > suggests, and it's up to the system admin to use it as he/she wishes. > >> and also what they can view on the system. > > You need to be more specific. What do you want them to be able to > view, man pages, text files, contents of specific directories, what? > > Greg > > > - -- > web site: http://www.romuald.net.eu.org > gpg public key: http://www.romuald.net.eu.org/pubkey.asc > skype: gregn1 > (authorization required, add me to your contacts list first) > > - -- > Free domains: http://www.eu.org/ or mail dns-manager@EU.org > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkjUG8gACgkQ7s9z/XlyUyDY8QCeMyiUbYUWG+XeixZqmeq2vnxW > zckAoLvhv/znPYpTPB1hr6BxFVZl81/r > =+v8G > -----END PGP SIGNATURE----- > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > __________ NOD32 3457 (20080919) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > _______________________________________________ Speakup mailing list Speakup@braille.uwo.ca http://speech.braille.uwo.ca/mailman/listinfo/speakup ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: making secure limitations for non-root users ` Jim Kutsch @ ` Tyler Littlefield 0 siblings, 0 replies; 9+ messages in thread From: Tyler Littlefield @ UTC (permalink / raw) To: Speakup is a screen review system for Linux. that sounds fun... I'll do that. Thanks a ton, Thanks, _|_|_|_|_| _| _|_|_|_| _| _|_|_| _| _|_|_| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _| _|_|_|_| _|_|_| Visit TDS for quality software and website production http://tysdomain.com msn: tyler@tysdomain.com aim: st8amnd2005 skype: st8amnd127 ----- Original Message ----- From: "Jim Kutsch" <jimkutsch@yahoo.com> To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca> Sent: Saturday, September 20, 2008 3:40 PM Subject: Re: making secure limitations for non-root users > In the 1980s, I had a Unix system connected to a ham radio via packet > radio > interface hardware. I was using it myself but wanted the users via radio > to > run email and Netnews and be isolated from the rest of the system where I > kept my stuff. I set up a chroot environment in which users had a very > little piece of the entire system. It required only an amazingly few > things > to be available in the root of the chroot directory. If I remember > correctly, I had to have /etc/passwd, /etc/group, /etc/getty, a few things > in /bin and /usr/bin, and the software I allowed these remote users to > access. There was even a login called "newuser" with no password that ran > a > customized add user script so a user could create his/her own account. > > Since you are learning Linux, I'd recommend you go explore chroot and > start > thinking about how very little you really need in the isolated > environment. > > Have fun. > > Jim > > > ----- Original Message ----- > From: "Tyler Littlefield" <tyler@tysdomain.com> > To: "Speakup is a screen review system for Linux." > <speakup@braille.uwo.ca> > Sent: Friday, September 19, 2008 5:40 PM > Subject: Re: making secure limitations for non-root users > > > I'll dig around for that kernel patch. > Like, limiting them to viewing home dirs, other people's dirs. I can do > chmod a-r /home, and then chmod o-rx /home/user, but would there be > anything > else I'd need to limit for security reasons? I'd not like to scrue up > perms > on logs, but would rather not them see /var/log. > > > Thanks, > _|_|_|_|_| _| _|_|_|_| > _| _|_|_| _| _|_|_| > _| _| _| _|_|_| _| > _| _| _| _| _| > _| _| _| _|_|_|_| _|_|_| > Visit TDS for quality software and website production > http://tysdomain.com > msn: tyler@tysdomain.com > aim: st8amnd2005 > skype: st8amnd127 > ----- Original Message ----- > From: "Gregory Nowak" <greg@romuald.net.eu.org> > To: "Speakup is a screen review system for Linux." > <speakup@braille.uwo.ca> > Sent: Friday, September 19, 2008 3:38 PM > Subject: Re: making secure limitations for non-root users > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Tom has already told you what the best approach would be. However, let >> me try to specifically answer your questions. >> >> On Thu, Sep 18, 2008 at 12:39:40PM -0600, Tyler Littlefield wrote: >>> I would, however like to limit them in disk space (I can figure that >> one out), >> >> Ok. >> >>> in port usage (not sure how to do this one, would like to limit what >> ports they can open), >> >> The only thing I can think of for that is the obvious, a >> firewall. However, that would apply to everyone on the system. There >> is something called owner match support, when you're configuring the >> firewall stuff in the kernel, however, I'm not sure if that does what >> it actually suggests, or something else. Sorry, that's all I can tell >> you there, maybe a firewall howto somewhere would tell you more. >> >>> programs they can run, >> >> The best way I can think of to do that, is to create a group on your >> system, where all the binaries you want users to access are a part of >> that group. Then, add the users you want to be able to access those >> binaries to that group as well, and leave the rest binaries/users >> out. On my debian system, there is a group called bin, but most of my >> binaries are in root's group. I'm not sure if the bin group is >> reserved for something else, or if it is there for what its name >> suggests, and it's up to the system admin to use it as he/she wishes. >> >>> and also what they can view on the system. >> >> You need to be more specific. What do you want them to be able to >> view, man pages, text files, contents of specific directories, what? >> >> Greg >> >> >> - -- >> web site: http://www.romuald.net.eu.org >> gpg public key: http://www.romuald.net.eu.org/pubkey.asc >> skype: gregn1 >> (authorization required, add me to your contacts list first) >> >> - -- >> Free domains: http://www.eu.org/ or mail dns-manager@EU.org >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (GNU/Linux) >> >> iEYEARECAAYFAkjUG8gACgkQ7s9z/XlyUyDY8QCeMyiUbYUWG+XeixZqmeq2vnxW >> zckAoLvhv/znPYpTPB1hr6BxFVZl81/r >> =+v8G >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Speakup mailing list >> Speakup@braille.uwo.ca >> http://speech.braille.uwo.ca/mailman/listinfo/speakup >> >> __________ NOD32 3457 (20080919) Information __________ >> >> This message was checked by NOD32 antivirus system. >> http://www.eset.com >> >> > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > __________ NOD32 3457 (20080919) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: making secure limitations for non-root users making secure limitations for non-root users Tyler Littlefield ` Tom Moore ` Gregory Nowak @ ` Tony Baechler 2 siblings, 0 replies; 9+ messages in thread From: Tony Baechler @ UTC (permalink / raw) To: Speakup is a screen review system for Linux. I'm sure this is obvious, but what about selinux and quota? The selinux patches are designed for security and the quota is for disk space. Tyler Littlefield wrote: > I've got a quick couple of questions: > First, I'd like to allow users to connect and host a mud on my system. > I would, however like to limit them in disk space (I can figure that one out), in port usage (not sure how to do this one, would like to limit what ports they can open), programs they can run, and also what they can view on the system. > Any ideas? > ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~ UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
making secure limitations for non-root users Tyler Littlefield
` Tom Moore
` Tyler Littlefield
` Gregory Nowak
` Tyler Littlefield
` Tom Moore
` Jim Kutsch
` Tyler Littlefield
` Tony Baechler
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).