
Re: guest user with limited shell



In <dbfe76710906100744h3131444bx940d15687ac1cd5e@mail.gmail.com>, Tony 
Asnicar wrote:
>Are there any good shells for a "guest user" - I mean not to give him
>"/bin/bash" :S - or does someone know good howtos for limiting a shell?

You can't.  Not really.  There are a number of "restricted shells" 
available, but most can be worked around by starting vim or emacs and using 
their command-invocation to start a shell of your choice.  Last I checked, 
once you get there you can use 'chsh -s /bin/zsh' to get a real shell next 
time you log in.

There are *very* restrictive shells like sftp-only, but they are intended to 
only provide the minimum required for another front-end to process.  They 
often are difficult for a user to even interact with directly.

Finally, if your user is coming in via ssh, you can restrict their public 
key to being allowed to issue specific commands, never getting a shell.

>(like "disabling it", so that he can only log in to GUI and start a
> browser, etc..)

Assuming the user is sitting in front of the computer, and your computer 
reboots without user interaction, they effectively have root access.  
(reboot with init=/bin/sh mostly)

I'd stop worrying about what programs they can run.  Set their resource 
limits appropriately and double-check your file system permissions and let 
them have a full shell.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/
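
The ssh key restriction mentioned in the message above, as an added example that is not part of the original post: a forced-command wrapper that sshd runs in place of a shell and that only maps exact requests to fixed commands. The install path, the allowlist entries and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a key-restricted guest login.
# Assumed install path /usr/local/bin/guest-wrapper, referenced from the
# guest's authorized_keys (key material is a placeholder):
#   command="/usr/local/bin/guest-wrapper",restrict ssh-ed25519 <PUBLIC-KEY> guest
# sshd runs this script for every login with that key and puts whatever the
# client asked for in SSH_ORIGINAL_COMMAND.

# Map the client's request to a fixed command line chosen by the admin.
# Exact string match only: the request is never eval'ed or word-split, so
# "uptime; /bin/sh" matches nothing. The allowlist entries are assumptions.
guest_resolve() {
    case "$1" in
        uptime) printf '%s\n' "/usr/bin/uptime" ;;
        df)     printf '%s\n' "/bin/df -h" ;;
        *)      return 1 ;;   # includes "" (a request for an interactive shell)
    esac
}

guest_main() {
    request=${SSH_ORIGINAL_COMMAND:-}
    if cmd=$(guest_resolve "$request"); then
        set -f          # no globbing while splitting our own constant
        # shellcheck disable=SC2086
        exec $cmd
    fi
    # Leave a trail for review; logger writes to syslog.
    logger -t guest-wrapper -p auth.notice "denied request from ${USER:-unknown}: $request"
    echo "This key may only run: uptime, df" >&2
    return 1
}

# Run only when installed under the assumed name, so the functions can be
# sourced or tested without executing anything.
case "$0" in
    */guest-wrapper) guest_main ;;
esac
```

The `restrict` key option turns off pty allocation and all forwarding for that key; the wrapper and the authorized_keys file should be owned by root and not writable by the guest, otherwise the guest can simply edit the restriction away.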
