From owner-freebsd-questions  Thu Jun  6 11:32:33 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from altair.mukappabeta.net (altair.mukappabeta.net [194.145.150.157])
	by hub.freebsd.org (Postfix) with ESMTP id 3264237B40D
	for <FreeBSD-Questions@FreeBSD.ORG>; Thu,  6 Jun 2002 11:32:21 -0700 (PDT)
Received: by altair.mukappabeta.net (Postfix, from userid 1001)
	id 679416CF; Thu,  6 Jun 2002 18:18:35 +0200 (CEST)
Date: Thu, 6 Jun 2002 18:18:35 +0200
From: Matthias Buelow <mkb@mukappabeta.de>
To: tnu@chania.di.uoa.gr
Cc: FreeBSD-Questions@FreeBSD.ORG
Subject: Re: Restrict user access on FreeBSD
Message-ID: <20020606161835.GB353@altair.mukappabeta.net>
References: <20020605235934.Q45306-100000@earl-grey.cloud9.net> <Pine.GSO.4.44.0206061521000.454-100000@chania.di.uoa.gr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.44.0206061521000.454-100000@chania.di.uoa.gr>
User-Agent: Mutt/1.3.28i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

tnu@chania.di.uoa.gr writes:

>I have defined the user's PATH to a directory like "/usr/restr-bin" and
>put there symlinks to the programs I wish them to execute. I have not
>chmod-ed anything else, IIRC.

It might also be beneficial to mount the user's home fs noexec, since
otherwise he could just upload the programs he desires and run them
off his homedir.

--mkb


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message