Bob Proulx <b...@proulx.com> wrote:
>Abou Al Montacir wrote:
>> Maybe create a new group "trusted" and do the following
>> cd /bin
>> chown root.trusted *
>> chmod 750 *
>> for ff in ${TRUSTED_BIN_LIST} ; do chmod o=rx $ff ; done
>
>With this users can still create files and copy the programs they want
>to run onto the system and run their own copy of them.

At least theoretically, it would be possible to restrict the areas
where this specific user can write to file systems mounted noexec.
But then one would probably have to get rid of the 777 on /tmp.

It might also be an idea to have a look at the restricted shells
(bash --restricted). Additionally, if there is any MAC system such as
AppArmor or SELinux, those might be of use, too.

Of course, the biggest/main problem is the OP not being very clear
with what he wants to achieve.

Best regards,

Claudius
-- 
Welcome to the Zoo!
Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4
http://chubig.net/ http://nightfall.org
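
The noexec point in the message above, as an added example that is not part of the original post: a shell check that takes `/proc/mounts`-format input and lists which of a user's writable directories sit on filesystems lacking `noexec`. The function names, the sample mount table and the directory list are assumptions constructed for illustration.

```shell
# Added example: find writable directories whose filesystem is not noexec.
# Print "mountpoint options" for the filesystem containing path $2,
# picking the longest matching mount point in mounts file $1.
mount_for_path() {
    awk -v p="$2" '
        {
            mp = $2
            # A mount point covers p if it is /, equals p, or is a directory prefix of p.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best_len) { best_len = length(mp); best = mp " " $4 }
            }
        }
        END { if (best != "") print best }
    ' "$1"
}

# Print each directory from $2 onward whose filesystem lacks the noexec option.
noexec_gaps() {
    local mounts=$1 dir info opts
    shift
    for dir in "$@"; do
        info=$(mount_for_path "$mounts" "$dir")
        opts=${info#* }
        case ",$opts," in
            *,noexec,*) ;;               # execution is blocked on this filesystem
            *) printf '%s\n' "$dir" ;;   # a copied binary could still be run from here
        esac
    done
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec 0 0
EOF
}

# Hypothetical list of directories the restricted user can write to.
demo() {
    local f
    f=$(mktemp)
    sample_mounts > "$f"
    noexec_gaps "$f" /tmp /var/tmp /dev/shm /home/guest
    rm -f "$f"
}
demo
```

On a live Linux system, pass `/proc/mounts` as the first argument to `noexec_gaps` together with the directories the account can actually write to.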
