Reco wrote: > Set up another user with /bin/rbash (not straight /bin/bash) as a shell. > Set PATH in .bashrc of said user to that program.
Restricted shells have a long history. Everyone wants them to work. But in practice they tend to have a lot of holes. Joel Rees wrote: > Oh. Well, that might work, too. chroot the new user account, of > course. The chroot sounds good at first. But again in practice it often has a lot of holes. Actually if not careful it is possible to create security holes using chroot. > Or just make sure his user account is not a member of any > other user account's group. That is the default. By default the strategy of UPG (user private group) is implemented where every user account exists only in their own private group. Definitely a good plan. Zenaan Harkness wrote suggesting creating a user specifically for this friend. I think that would be good. Andrei POPESCU suggested using multiuser screen to share a login session. Then you can show everything you need to show and be able to proctor everything they do. That is an excellent suggestion. Unix-like systems have been multiuser machines forever. Personally I create accounts for people often and know that the file permissions do their job to keep people restrictions presented. If I have files that I don't want other people to see then I chmod those files to prevent other people from seeing them. This really does work well. Bob
signature.asc
Description: Digital signature
