
Re: Minimizing shell access on my VPS



On Saturday, 18 January 2014, 01:23:16, Aubrey Raech wrote:
> Hey debian-user list--
> 
> I have a friend in another country who only uses Windows, and I wanted
> to show him a programming project I've been working on. This program
> only runs on GNU/Linux as of now, and is accessed through the terminal.
> 
> My first thought is that this isn't a problem; I have a VPS running
> Debian wheezy. I could set up a user account for my friend and he could
> log in with Putty via ssh and run the program per my instructions.
> 
> The problem arises in that I don't necessarily trust that he won't go
> snooping. For example, I'd prefer if he not have access to the system
> outside of his home folder (apart of course from the binaries necessary
> to run my program and things like his shell and related functions).
> I've run this...
> 
> # chmod o-x /home/aubrey
> 
> ...so that he can't access at least my personal things, but honestly I'd
> prefer he only really be able to run the one program. Is there some
> other method for doing this that's eluding me? Or are there other
> tips/tricks for significantly locking down somebody's login shell on a
> system?
> 
> Just thought I'd pick the brains of the debian-user list and see what I
> can come up with! ;)

You can require him to generate an SSH key. And you add that to
~/.ssh/authorized_keys and add COMMAND="/path/to/your/program" (see
AUTHORIZED_KEYS FILE FORMAT in the sshd manpage).

The other won't get a shell at all, just your application executed, and if it
ends the user is logged out again.

You just need to make sure that the user can't spawn a new shell from your
application.

-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7
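
The forced-command setup described in the reply above, as an added example that is not part of the original thread: it builds the restricted authorized_keys entry and audits a file for keys that would still get a normal shell. The key material, comments and helper names are constructed for illustration; /path/to/your/program is the placeholder from the reply.

```shell
#!/bin/sh
# Added example, not from the original thread.
FORCED_CMD="/path/to/your/program"   # placeholder path, as given in the reply

# Print an authorized_keys line that pins a public key to FORCED_CMD.
# $1 = public key as ssh-keygen writes it: "type base64 [comment]".
# No "no-pty" here: a terminal program needs the pty to stay allowed.
restricted_entry() {
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$FORCED_CMD" "$1"
}

# Report keys in file $1 that carry no command= option, i.e. keys that still
# get the account's normal login shell. Returns 1 if any are found.
audit_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            # Options, when present, are the text before the key type field.
            opts = ""
            if (match($0, /(^|[ \t])(ssh-|ecdsa-|sk-)[^ \t]+[ \t]/))
                opts = substr($0, 1, RSTART - 1)
            sub(/^[ \t]+/, "", opts)
            # Option keywords are case-insensitive (the reply writes COMMAND=).
            if (tolower(opts) !~ /(^|,)command="/) {
                printf "line %d: no forced command\n", NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file; the key material is fake.
write_sample() {
    {
        echo '# admin key, unrestricted'
        echo 'ssh-ed25519 AAAAC3FAKEADMINKEY aubrey@laptop'
        restricted_entry 'ssh-rsa AAAAB3FAKEFRIENDKEY friend@windows'
        echo 'no-pty,COMMAND="/usr/bin/uptime" ssh-rsa AAAAB3FAKEMONKEY monitor'
    } > "$1"
}

tmp=$(mktemp)
write_sample "$tmp"
audit_keys "$tmp" || echo "unrestricted keys found in $tmp"
rm -f "$tmp"
```

The audit only confirms that a forced command is set; whether the program itself lets the user escape to a shell still has to be checked separately.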
