Re: Limiting User Commands

To: debian-isp@lists.debian.org, debian-user@lists.debian.org
Subject: Re: Limiting User Commands
From: martin f krafft <madduck@debian.org>
Date: Sun, 7 Nov 2004 15:19:29 +0100
Message-id: <[🔎] 20041107141929.GA28504@cirrus.madduck.net>
Mail-followup-to: debian-isp@lists.debian.org, debian-user@lists.debian.org
In-reply-to: <[🔎] 20041107141416.GA11837@steve.org.uk>
References: <[🔎] 3f9fee5104110509315629b895@mail.gmail.com> <[🔎] 20041105231328.GB16508@aokiconsulting.com> <[🔎] 3f9fee510411051535a4ad332@mail.gmail.com> <[🔎] 20041107141416.GA11837@steve.org.uk>

also sprach Steve Kemp <skx@debian.org> [2004.11.07.1514 +0100]:
>   If you're operating a shared system and want to keep seperate
>  web users isolated from each other using rbash, chroots or
>  similar should be sufficient.

Neither rbash not chroots are security measures. They are hurdles at
most, but can be easily circumvented. Use virtual machines instead
of chroots, and process and filesystem ACLs instead of rbash.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: Osamu Aoki <osamu@debian.org>
- Re: Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Re: USB flash disk
Next by Date: Re: USB flash disk
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread