Ultimately Safe User Account

Sheets, Jason (OZ CEEDR) jason.sheets at hp.com
Thu Sep 23 15:16:30 PDT 2004 

I'd suggest sending him a live CD of FreeBSD (LiveBSD at
http://www.livebsd.com) or Linux (Knoppix at http://www.knoppix.org) are
very good.

This will keep him on his own hardware and let him become familiar with
BSD in a fairly safe environment.

When he feels comfortable he can attempt a full install on his hardware.

Alternatively if he is just wanting to become proficient on the command
line he can install Cygwin (http://www.cygwin.com) on Windows and
Linux-like environment right on Windows and then progress to the real
thing.

I'd go with any of the above before giving him remote access but If you
are deadest on allowing him access to your system look at

man jail
man security
man login.conf

Jason




> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-
> questions at freebsd.org] On Behalf Of Andrew
> Sent: Thursday, September 23, 2004 1:30 PM
> To: freebsd-questions at freebsd.org
> Subject: Ultimately Safe User Account
> 
> Hi,
> 
> I have a production FreeBSD box. My friend is starting to learn Unix
> essentials and is asking me for an account. He doesn't require any
> special rights, but he certainly wants to be able to use shell and
read
> most manual pages. He'll access the server via Internet, SSH.
> 
> How can I create an account, so that it is completely safe to let him
> in? How can I jail/chroot him and do I need to do it this way? I want
to
> limit everything: disk space (~500Mb), RAM (~10%), processes (~30),
cpu
> (~5-10%), _internet connectivity_ (bandwidth is expensive and he must
> not be able to download much). He is new to Unix but I have to suppose
> that somebody very experienced can steal his account info.
> 
> I'd be glad if he had only very basic ls, cp, mv, as well as sh and
vi.
> I don't want him to have any browser or fetch-like utility.
> 
> I know that letting somebody log in is already a security hole, but I
> want to minimize the risks.
> 
> 
> Thanks,
> Andrew P.
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list