On Mon, Mar 19, 2001 at 12:24:59PM +0000, Colin Phipps wrote:
>
> You'll have to tie down the telnet options somehow; looking at telnet(1)
> it has options for logging data etc (I'm thinking of one user enabling
> logging to capture other users' passwords).

this restricted account should not have a writable home directory, the .bashrc files should have a very restricted environment set, along with a PATH of ~/bin only with a symlink to ssh and maybe telnet. anyone using the machine should log it all the way out to a getty and relogin to ensure no aliases or such are employed to cause troubles.

perhaps a better option even is to set up a menu so that interactive access to the local shell itself is not possible.

i would also use idled to kill the login after a short period of inactivity as that can help kill any traps a previous luser might try and set.

so long as the entire home directory is owned by root and read-only it shouldn't be possible to make any persistent changes to the account.

--
Ethan Benson
http://www.alaska.net/~erbenson/
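A check for the layout described in the message above, added here as an example and not part of the original post: it verifies that a restricted account's home is owned by one user (root by default) and that ~/bin holds only allow-listed symlinks. The function name, its arguments and the extra group/world-writable test are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the home directory of a restricted shared account.
# audit_restricted_home HOME [OWNER] [ALLOWED]
#   HOME    home directory of the restricted account
#   OWNER   user name or numeric uid that must own everything (default: root)
#   ALLOWED space-separated command names permitted in HOME/bin
# Prints one finding per line and returns 0 only when there are none.
audit_restricted_home() {
    home=$1
    owner=${2:-root}
    allowed=${3:-"ssh telnet"}
    findings=0
    tmp=$(mktemp) || return 2

    # 1. Every file, directory and symlink must belong to the expected owner.
    find "$home" ! -user "$owner" > "$tmp"
    while IFS= read -r f; do
        echo "not owned by $owner: $f"
        findings=$((findings + 1))
    done < "$tmp"

    # 2. Nothing may be group- or world-writable (assumption of this example;
    #    symlink modes are skipped because they carry no meaning).
    find "$home" ! -type l \( -perm -0020 -o -perm -0002 \) > "$tmp"
    while IFS= read -r f; do
        echo "group/world writable: $f"
        findings=$((findings + 1))
    done < "$tmp"

    # 3. ~/bin may contain only symlinks whose names are on the allow-list.
    for entry in "$home"/bin/* "$home"/bin/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        name=${entry##*/}
        if [ ! -L "$entry" ]; then
            echo "not a symlink in bin: $entry"
            findings=$((findings + 1))
        else
            case " $allowed " in
                *" $name "*) ;;
                *) echo "command not on allow-list: $entry"
                   findings=$((findings + 1)) ;;
            esac
        fi
    done

    rm -f "$tmp"
    [ "$findings" -eq 0 ]
}

# Run as a script: sh audit.sh HOME [OWNER] [ALLOWED]
if [ "$#" -gt 0 ]; then audit_restricted_home "$@"; fi
```
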