Rafal 'Raf256' Maj wrote:
> Hi,
> I would like to allow a user to log into my box via SSH and run povray there.
>
> It's important to deny the user the ability to do anything "evil", including accessing
> the internet, running other applications, etc.
>
> He can only log in, up/download his own files, run povray (and moray), use
> kill/top/ps.
>
> How can I make something like this? In example - on Debian.
>
>
The problem with chroot on modern unixes is that they tend to have a lot
of shared libraries and simply copying executables into ~/bin and chrooting
to ~/ doesn't work because the shared libs are outside of the jail.
At a minimum you need a statically linked shell inside the jail, many
systems have a /bin/bash_static or similar for emergencies. Then you need
to build pov statically linked also, and any other utils you want to
provide.
This little test worked for me:
billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
chroot: cannot run command `/bin/bash_static': No such file or directory
billh@Tarragon ~ $ cp /bin/bash_static ~/bin
billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
I have no name!@Tarragon / # ls
bash_static: ls: command not found
--
Bill Hails
http://thyme.homelinux.net/
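
The shared-library problem described in the post above, as an added example that is not part of the original thread: instead of linking statically, the script below finds the libraries a dynamically linked binary needs and copies them into the jail under the same paths. The function names and the sample `ldd` output are constructed for illustration, and it assumes `ldd`, `awk` and `cp -L` are available on the host.

```shell
#!/bin/sh
# Added example (not from the thread): collect what a dynamically linked
# binary needs inside a chroot jail. Function names are hypothetical.

# Read `ldd` output on stdin, print the absolute paths of real files.
# Matches "name => /path (addr)" and the bare loader line "/path (addr)";
# skips linux-vdso (no file on disk) and "=> not found" entries.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# jail_copy JAIL FILE: copy FILE into JAIL under the same absolute path.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# populate_jail JAIL BINARY: copy BINARY plus every library ldd reports.
# For a static binary ldd lists nothing, so only the binary is copied.
populate_jail() {
    jail_copy "$1" "$2" || return 1
    for lib in $(ldd "$2" 2>/dev/null | ldd_paths); do
        jail_copy "$1" "$lib" || return 1
    done
}

# Constructed sample of ldd output (addresses are made up).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc00000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)
    libmissing.so.1 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000200000)'

# Usage: sh jail.sh /path/to/jail /path/to/binary
if [ "$#" -eq 2 ]; then
    populate_jail "$1" "$2"
fi
```

Some versions of `ldd` obtain the dependency list by executing the program, so run this only on binaries you trust.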
war### [at] tag povray org news:41a49b05@news.povray.org
> is to disconnect the computer from the internet altogether.
Then I won't be able to SSH to it in the first place ;)
--
http://www.raf256.com/3d/
Rafal Maj 'Raf256', home page - http://www.raf256.com/me/
Computer Graphics
openbsd would be better......
Rafal 'Raf256' Maj wrote:
> Hi,
> I would like to allow a user to log into my box via SSH and run povray there.
>
> It's important to deny the user the ability to do anything "evil", including accessing
> the internet, running other applications, etc.
>
> He can only log in, up/download his own files, run povray (and moray), use
> kill/top/ps.
2 solutions come to me:
1/ create a user whose login shell is a program displaying a menu
where the actions are the allowed actions (launching pov, killing its process, ...).
2/ easiest: why don't you use a web interface? It's quite easy to
manage processes, for example, in PHP. It can handle downloading by itself.
(I'm working - sssslllooowwwwwllly - on this kind of stuff)
Lolo