On 8/31/06, phcolaris <[EMAIL PROTECTED]> wrote:
hi folk,
I'm looking for a way how to keep users in their home directories - so
that SGD/Ray users can't go and see other users and the root file
system, simply not leave their /home/~ directory
I've been playing around with few options (eg SUDO,containers or jail),
but that isn't the right answer.
The only way I see that this could be done that is pseudo painless
other than directory permissions is have each user dumped into there
own Zone on a remote box, when they logged in, while they would have
access to other filesystems, it would only be a default install, no
other users files would be accessible. No changes could be made even
if they some how gained root because most of the files would be
readonly. Since the operating system is now free and opensource, they
would have complete access to this information anyway, they could just
install there own copy and or view the source at cvs.opensolaris.org.
To add an extra layer of protection you could start out with an
extremely minimal install of solaris on the machine with the zones on
it, then add only the applications the user would need to do his work.
No other applications or user information would be availible to them.
The other option is trusted Solaris 8 or trusted extensions to Solaris
express, I've never used either product but they are some of the most
secure OSes availible so it may be a possiblity of course there
security features may preclude it from being used with sunray clients,
i'm not sure.
James Dickens
uadmin.blogspot.com
does anyone use SGD/Ray on the same server?
any tips on user management for this particular situation?
thanks,
-philip
_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users
_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users
