Re: Limiting User Commands
Don't give them shell access, and don't let them ftp to the server.
Make them email you all the changes so you can browse for bad code.
can upload the changes. You will get tired of that real quick. Other
than this method there is always a what if factor selinux,chroot,
virtual server etc... Even if they do upload a bad script they
shouldn't have perms to do anything. You could allow the apache user to
rm -rf /* and nothing would happen if setup correctly.
>>> Stephen Le <email@example.com> 11/09/04 5:16 PM >>>
On Mon, 8 Nov 2004 09:28:10 -0900, Christopher Swingley
> Make symbolic links between allowed commands and '/usr/local/rbin'
> As I said before, this is just a simple attempt to reduce priviledge.
> There are undoubtably ways around it, some easier than others
> on what's in /usr/local/rbin.
This won't prevent users from executing banned commands with Perl
scripts called by Apache. I'm opposed to using rbash for this reason
and because some users might want to use a non-bash shell.
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact