binary execute restrictions
cswiger at mac.com
Wed Jan 14 13:33:51 PST 2004
On Jan 13, 2004, at 9:04 PM, Lowell Gilbert wrote:
> I suspect that a restricted shell isn't going to be appropriate in
> this case. Restricted shells are useful for avoiding shooting
> yourself in the foot, but they're really not intended to be secure.
You're probably right that my suggestion is only a partial solution,
but using a restricted shell and chroot()ing these users to a home
directory that isn't owned/writable by that UID should come pretty
close to solving the Original Poster's problem.
It might also be the case that the OP might be better off not
generating "normal user accounts", but using application-specific user
databases (such as found in software like Cyrus) to give controlled
access to a particular service.
More information about the freebsd-questions