Raj, Your approach is what I had in mind to distribute VMs to the interns. However they are supposed to take care of deploys on Lower Environment, and hence they some how obtain the root privilege. I guess I ll have to drive a sanity check for this once !
2011/6/8 Gora Mohanty <g...@mimirtech.com> > 2011/6/8 Ashish SHUKLA <ashish...@lostca.se>: > [...] > >> So will any of these solutions work when the user is logged in as root? > > > >> In general, how are you going to prevent root from destroying your > >> system? > In general I dont want to tweak any of the root privileges, I still want root to do anything under the Sun. However Ankit's point is quite valid, fork bomb cam be prevented by setting a limit on number of processes by any user! I think I am gonna try that approach. Our other systems using BoKS successfully are able to limit users from executing certain commands. For example if I (as amarakshat) become root and want to change other user's password (eg, rajmathur), it wont allow. However In my department we do not have such software ! > > > % getent passwd root > > root:x:65535:65535:root:/root:/bin/sh > > I was going to suggest the L33T toor user, but had refrained. > > > Or, maybe SELinux :) > > Have never understood SELinux: Isn't there only one command: > setenforce 0 > > Regards, > Gora > > _______________________________________________ > Ilugd mailing list > Ilugd@lists.linux-delhi.org > http://frodo.hserus.net/mailman/listinfo/ilugd > -- Amar Akshat Wells Fargo "Real Programmers always confuse Christmas and Halloween because Oct31 == Dec25." _______________________________________________ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd