From owner-freebsd-questions@FreeBSD.ORG Fri Sep 24 12:05:35 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 64B8216A4CE for ; Fri, 24 Sep 2004 12:05:35 +0000 (GMT) Received: from destiny.chrononomicon.com (mail.chrononomicon.com [65.193.73.208]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E14343D45 for ; Fri, 24 Sep 2004 12:05:35 +0000 (GMT) (envelope-from bsilver@chrononomicon.com) Received: from [127.0.0.1] (destiny.chrononomicon.com [192.168.1.42]) by destiny.chrononomicon.com (Postfix) with ESMTP id C14AB1FE26 for ; Fri, 24 Sep 2004 08:05:26 -0400 (EDT) Mime-Version: 1.0 (Apple Message framework v619) In-Reply-To: <001101c4a1d1$639ce540$460011ac@SATPC> References: <2D8BB15C7B5C214F81C32D3A83B32736013D45B3@idbexc01.americas.cpqcorp.net> <20040923223849.GK40647@therub.org> <001101c4a1d1$639ce540$460011ac@SATPC> Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <04C62390-0E22-11D9-B75A-000D9338770A@chrononomicon.com> Content-Transfer-Encoding: 7bit From: Bart Silverstrim Date: Fri, 24 Sep 2004 08:05:25 -0400 To: freebsd-questions@freebsd.org X-Mailer: Apple Mail (2.619) Subject: Re: Ultimately Safe User Account X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Sep 2004 12:05:35 -0000 On Sep 23, 2004, at 8:56 PM, Andrew wrote: > Dan Rue wrote: >> >> How's he supposed to learn anything if all you give him is a jail with >> ls cp mv sh and vi? sheesh. That'll turn him off unix pretty quick. > > > Thanks for your feedback. I guess I'll just let him in and try not to > worry. Well, the trouble is that I am the one administering the box and > that it was this summer when I started reading heaps of unix/bsd > documentation - for the first time in my life. I'm still paranoid about > my own actions, not to mention smb's else. I'll give him cygwin/livecd > as well, though. > If you're somewhat new (even if you're not...) I'd even more strongly suggest investing in VMWare or some other VM software using disk images to work from...it's the ultimate free reign learning environment and virtual jail. Even seasoned admins can get lazy or get hit by some new trick in the book that they didn't previously know about. No one I worked with was really familiar with SSH beyond the command line access...and they were impressed with X forwarding. Then I learned about port redirection using SSH, so any ssh-accessible machine on the Internet could potentially be used to see any other machines within the same subnet as the ssh server, allowing me access to some machines not visible with simple scans of a NATed network. Took a few times explaining how it worked, and it's come in handy for remote administration at times and the people I explained the technique to were impressed at the potential for this to be helpful as a tool (and as a potential security breach...) The point is that there are more things in system administration and user's minds than dreamt of in any single admin's philosophy, Horatio :-) -Bart