POV-Ray : Newsgroups : povray.unix : Pov via SSH in chroot jail?
From: Rafal 'Raf256' Maj
Subject: Pov via SSH in chroot jail?
Date: 23 Nov 2004 06:30:56
Message: <Xns95AA7F9C9B691raf256com@203.29.75.35>
Hi,
I would like to allow a user to log into my box via SSH and run povray there.

It's important to prevent the user from doing anything "evil", including 
accessing the internet, running other applications, etc.

He can only log in, up/download his own files, run povray (and moray), and 
use kill/top/ps.

How can I make something like this? For example, on Debian.


-- 
http://www.raf256.com/3d/
Rafal Maj 'Raf256', home page - http://www.raf256.com/me/
Computer Graphics



From: Warp
Subject: Re: Pov via SSH in chroot jail?
Date: 23 Nov 2004 07:07:17
Message: <41a327f5@news.povray.org>
Rafal 'Raf256' Maj <spa### [at] raf256com> wrote:
> How can I make something like this? For example, on Debian.

http://povray.org/documentation/view/3.6.1/794/

-- 
#macro N(D)#if(D>99)cylinder{M()#local D=div(D,104);M().5,2pigment{rgb M()}}
N(D)#end#end#macro M()<mod(D,13)-6mod(div(D,13)8)-3,10>#end blob{
N(11117333955)N(4254934330)N(3900569407)N(7382340)N(3358)N(970)}//  - Warp -



From: Nicolas Calimet
Subject: Re: Pov via SSH in chroot jail?
Date: 23 Nov 2004 08:31:38
Message: <41a33bba$1@news.povray.org>
> He can only log in, up/download his own files, run povray (and moray), and 
> use kill/top/ps.

	To (try to) answer your question, I'm not sure it's a good idea
to give SSH access if you want the user to run only a very limited set
of applications.  However, as I have a rather limited knowledge in network
admin, I can't tell you how to restrict (if even possible) shell usage
through SSH, nor whether there are actually better alternatives.  I'd
recommend that you look at some networking/Linux-dedicated forums instead.
Maybe the SSH docs deal with such things, I just never looked at them.

	- NC



From: Nicolas Calimet
Subject: Re: Pov via SSH in chroot jail?
Date: 23 Nov 2004 08:31:57
Message: <41a33bcd$1@news.povray.org>
> http://povray.org/documentation/view/3.6.1/794/

	Warp, I hope you realize IO restrictions have nothing to do with
what Rafal is asking.

	- NC



From: Warp
Subject: Re: Pov via SSH in chroot jail?
Date: 23 Nov 2004 08:56:36
Message: <41a34194@news.povray.org>
Nicolas Calimet <pov### [at] freefr> wrote:
>         Warp, I hope you realize IO restrictions have nothing to do with
> what Rafal is asking.

  Well, he said:

"I would like to allow a user to log into my box via SSH and run povray there.

It's important to prevent the user from doing anything "evil", including
accessing the internet, running other applications, etc."

  Adding 1 and 1 made me believe he was saying "how to prevent povray from
running other applications?".

-- 
plane{-x+y,-1pigment{bozo color_map{[0rgb x][1rgb x+y]}turbulence 1}}
sphere{0,2pigment{rgbt 1}interior{media{emission 1density{spherical
density_map{[0rgb 0][.5rgb<1,.5>][1rgb 1]}turbulence.9}}}scale
<1,1,3>hollow}text{ttf"timrom""Warp".1,0translate<-1,-.1,2>}//  - Warp -



From: Rafal 'Raf256' Maj
Subject: Re: Pov via SSH in chroot jail?
Date: 24 Nov 2004 07:47:04
Message: <Xns95AB8C628C8C5raf256com@203.29.75.35>
war### [at] tagpovrayorg news:41a34194@news.povray.org

>   Adding 1 and 1 made me believe he was saying "how to prevent povray from
> running other applications?".

But the main problem is that while logged in via SSH, he could upload a 
virus/trojan and run it there ;)



-- 
http://www.raf256.com/3d/
Rafal Maj 'Raf256', home page - http://www.raf256.com/me/
Computer Graphics



From: Warp
Subject: Re: Pov via SSH in chroot jail?
Date: 24 Nov 2004 09:00:18
Message: <41a493f2@news.povray.org>
Rafal 'Raf256' Maj <spa### [at] raf256com> wrote:
> But the main problem is that while logged in via SSH, he could upload a 
> virus/trojan and run it there ;)

  But he can only run programs on this account alone. You can't "infect"
a system if you don't have superuser privileges. You can only infect
your own files.

-- 
#macro N(D)#if(D>99)cylinder{M()#local D=div(D,104);M().5,2pigment{rgb M()}}
N(D)#end#end#macro M()<mod(D,13)-6mod(div(D,13)8)-3,10>#end blob{
N(11117333955)N(4254934330)N(3900569407)N(7382340)N(3358)N(970)}//  - Warp -



From: Rafal 'Raf256' Maj
Subject: Re: Pov via SSH in chroot jail?
Date: 24 Nov 2004 09:04:44
Message: <Xns95AB998CAB7BFraf256com@203.29.75.35>
war### [at] tagpovrayorg news:41a493f2@news.povray.org

>   But he can only run programs on this account alone. You can't "infect"
> a system if you don't have superuser privileges. You can only infect
> your own files.

He might, for example, send 100,000 spam emails from my IP.

Or run some user-to-root exploit; there are really many of them. The only 
way to be sure is to use the grSecurity patch *and* the Gentoo distribution 
*and* recompile every program in the system with safelib / propolis gcc 
patches (AFAIK).

-- 
http://www.raf256.com/3d/
Rafal Maj 'Raf256', home page - http://www.raf256.com/me/
Computer Graphics



From: Warp
Subject: Re: Pov via SSH in chroot jail?
Date: 24 Nov 2004 09:30:29
Message: <41a49b05@news.povray.org>
Rafal 'Raf256' Maj <spa### [at] raf256com> wrote:
> only way to be sure

  is to disconnect the computer from the internet altogether.

-- 
#macro M(A,N,D,L)plane{-z,-9pigment{mandel L*9translate N color_map{[0rgb x]
[1rgb 9]}scale<D,D*3D>*1e3}rotate y*A*8}#end M(-3<1.206434.28623>70,7)M(
-1<.7438.1795>1,20)M(1<.77595.13699>30,20)M(3<.75923.07145>80,99)// - Warp -



From: Joaquin Hierro Diaz
Subject: Re: Pov via SSH in chroot jail?
Date: 25 Nov 2004 06:47:01
Message: <gehbq0hntbd6fceeivagpb2qrcht6jop78@4ax.com>
On 23 Nov 2004 06:30:56 -0500, "Rafal 'Raf256' Maj" <spa### [at] raf256com>
wrote:

>Hi,
>I would like to allow a user to log into my box via SSH and run povray there.
>
>It's important to prevent the user from doing anything "evil", including 
>accessing the internet, running other applications, etc.
>
>He can only log in, up/download his own files, run povray (and moray), and 
>use kill/top/ps.
>
>How can I make something like this? For example, on Debian.

Perhaps that page can be useful

http://www.jmcresearch.com/projects/jail/

I have configured it on Redhat 8 without many problems. But you must
edit /etc/passwd and move some files manually.


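As an added illustration of the "move some files manually" step mentioned in the reply above (not part of the original post and not the Jail project's own tooling): a chroot contains only what is copied into it, so each allowed program has to be placed there together with the shared libraries `ldd` reports for it. The function names and any jail path passed in are assumptions made for this example.

```shell
#!/bin/sh
# Added example: populate a chroot tree with an allowlist of programs and
# the shared libraries each one needs. All names here are hypothetical.

# copy_into_jail JAIL FILE: copy FILE to the same absolute path under JAIL.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" || return 1
    # -L dereferences symlinks so the jail holds a real file, not a dangling link.
    cp -L -p "$src" "$jail$src"
}

# list_libs BINARY: print absolute paths of the shared objects ldd reports.
list_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }  # libc.so.6 => /lib/libc.so.6 (0x..)
        $1 ~ /^\//               { print $1 }  # /lib64/ld-linux-x86-64.so.2 (0x..)
    ' | sort -u
}

# populate_jail JAIL PROG...: install each program plus its libraries.
# Shell builtins (kill, cd, ...) resolve to a bare name and are rejected,
# because a builtin is not a file that can be copied into the jail.
populate_jail() {
    jail=$1; shift
    for prog in "$@"; do
        path=$(command -v "$prog") || { echo "not found: $prog" >&2; return 1; }
        case $path in /*) ;; *) echo "not a file: $prog" >&2; return 1 ;; esac
        copy_into_jail "$jail" "$path" || return 1
        for lib in $(list_libs "$path"); do
            copy_into_jail "$jail" "$lib" || return 1
        done
    done
}

# audit_jail JAIL: list setuid/setgid files, which are a privilege-escalation
# risk inside a jail and should normally not be present.
audit_jail() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}
```
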


Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.