Re: limiting user access
Carey Evans <c.evans@clear.net.nz> writes:
> Put /var/tmp on a different partition than /var (and /tmp on a
> different partition than /). This also stops them from keeping huge
> files in /var/tmp where the news spool, mail spool and logs are.
Of course, if you're being this paranoid, you should probably be using
disk quotas anyway, which ameliorate most of the problems associated
with sharing system and user data.
One tip (which I haven't tried, so can't comment on its
effectiveness), is to make the soft limit something small, and the
hard limit something large, then rely on the grace period to ensure
that anyone who does play with big files gets rid of them quickly. For
/tmp and /var/tmp, a 24 hour grace period would probably be
reasonable.
Only if you're being fascist, of course.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.
``It's not a vision, or a fear. It's just a thought.''
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: