• Restrict user filesystem usage & whitelist programs?
    5 replies, posted
I just got an old computer up and running as a server, and because of the 400 GB HDD (first server has a 40 GB one...) I figured I could give some friends and such users on it for stuff like irssi or bitchx inside screen and such. 1) How would I go about making it so a certain user's home folder can't be, let's say, over 500 MB? 2) Can I whitelist programs so a user can only use certain programs like, let's say, screen, irssi, bitchx, cd and ls?
[QUOTE=nikomo;24474563]1) How would I go about making it so a certain user's home folder can't be, let's say, over 500 MB?[/QUOTE] User disk quotas. [QUOTE=nikomo;24474563]2) Can I whitelist programs so a user can only use certain programs like, let's say, screen, irssi, bitchx, cd and ls?[/QUOTE] Drop them in a chroot jail when they log in. You have to be careful though: I remember there being some trick where a user could write his own /etc/passwd inside a chroot jail (if it didn't exist already) and use that to gain root privileges. Set up a directory for that user to act as a fake "root" directory. Hard link whatever programs they should have access to, then run "ldd <program>" to find out what libraries each one requires. Hard link those too. [editline]12:26AM[/editline] Alternatively, I'm sure you could use chmod/chown and groups.
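
The jail-building steps described in the reply above (pick the programs, run ldd, bring the libraries along), sketched as an added example that is not part of the original post. It copies files instead of hard-linking them, assumes it runs as root, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): fill a chroot directory with a
# whitelist of programs plus the shared libraries ldd reports for them.
# Assumes it runs as root, so everything in the jail ends up root-owned.

# Constructed ldd output, for trying the parser without a real binary.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f020000)
	libmissing.so => not found
	/lib64/ld-linux-x86-64.so.2 (0x00007f030000)'

# Read ldd output on stdin; print each absolute library path once.
# The vdso line, "not found" and "not a dynamic executable" have no path.
ldd_libs() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# jail_install JAIL FILE: copy FILE to the same path under JAIL.
# Copies (following symlinks) rather than hard-linking, so the jail may
# live on another filesystem and shares no inodes with the host.
jail_install() {
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# build_jail JAIL PROGRAM...
build_jail() {
    jail=$1; shift
    for prog in "$@"; do
        path=$(command -v "$prog") || { echo "not found: $prog" >&2; return 1; }
        case $path in
            /*) ;;
            *)  echo "skipped $prog: shell builtin, not a file" >&2; continue ;;
        esac
        jail_install "$jail" "$path" || return 1
        # Library paths are assumed to contain no whitespace.
        for lib in $(ldd "$path" 2>/dev/null | ldd_libs); do
            jail_install "$jail" "$lib" || return 1
        done
    done
    # The passwd trick mentioned above needs a missing, user-creatable
    # /etc/passwd: create a placeholder and drop group/other write bits.
    mkdir -p "$jail/etc" || return 1
    [ -e "$jail/etc/passwd" ] || : > "$jail/etc/passwd"
    chmod -R go-w "$jail"
}
```

A call would look like `build_jail /srv/jail/alice screen irssi bitchx cd ls`, where the jail path is hypothetical; `cd` is reported as a builtin and skipped, since it only exists inside a shell.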
If I remember properly, if you're in a chroot jail, there was an exploit: you could make a chroot jail inside a chroot jail and then you'd be out of the original chroot jail, the other one glitched out and you were free to do whatever. I'll probably limit how much shit they can upload but let them use all programs, I'll just delete their account if they rape the CPU.
You could try disabling their access to / and only let them execute binaries from within their home directory. Seems like an easy way to do shit.
[QUOTE=ButtsexV2;24497680]you could try disabling their access to / and only let them execute binaries from within their home directory. seems like an easy way to do shit.[/QUOTE] That sounds like it would break everything.
That wholly depends on how it's all set up.