On Sat, 09 Sep 2000, Christoph Groth wrote: > > If they don't have root, are there things that I should make > > off-limits that might not be on a stock Debian 2.2 system? > > I don't know how technically sophisticated your family is but I assume > that your sister is not a cracker and your father not a > Unix-guru. Denying them root access should be fully sufficient. This > works fine with my family at least - everyone has his/her own account > and may play at will. I have the same situation here. My family is far more than trustable enough to be considered "non hostile users", so I give them a regular user account. That's all there is to it. > Anyways _if_ you'd like to have a fully secure system you'd have to > think about preventing them from physically accessing the system which > you are unlikely to have done. If they can turn off the machine they > could damage the file system for example. Yup. I'd suggest you allow them to CTRL+ALT+DEL (map it to shutdown) the box at any time, no matter how annoying, it's far better than a sudden powerdown. Maybe add a 1 minute delay time (and TELL THEM ABOUT IT or they'll think it didn't work and press the power button anyway :-) ) so as you can hastly log off if you're remotely logged in... If your family qualifies as hostile users (and are not technically inept), you'll have to be paranoid about suid binaries and local root compromises, be very careful about NFS and all sort of other related headaches. You'll need to have a trusted, phisically secure machine hosting all the data (the "server"), and other machines to act as terminals... You'd be better off getting every one their own private computer, and locking yours up while not in use IMHO :-) -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Attachment:
pgp8zgjuiHXc4.pgp
Description: PGP signature