Hi,

Is there a way to limit what other users can do and write all of their actions to a log file? For example I wan to be able to stop people who can connect via SSH being able to access any other local machines like the router through a text based browser like w3m.

Any support greatly appreciated.
Dan.

Permissions and Groups.
Dont let the users got sudoers privilege.

create very limited group and include all users there,
or do it one by one.
just like the "Guest" session on the desktop...

Thanks for your response. How would I go about creating a new group, and how would a specify what the members of the group can do?

When you create a new user a group is also created with the same name, users have to be in perticular groups to be able to do some things, you can add a user to a group with the usermod -g command.

The outher, potentilly more sccure option would be to use a chroot jail.

The outher, potentilly more sccure option would be to use a chroot jail.


What is a chroot jail? Why is it more secure?

What is a chroot jail? Why is it more secure?

A chroot creates a `fake' root filesystem, from inside which the only applications a user can use are those in the `fake' /bin and /usr/bin dirs. Which makes limiting what the user can do a simple matter of not installing any unneded applications inside the jail.

So, would a chroot jail or groups be easiest to maintain in the long run? I guess a chroot jail would be the most secure, but I really don't think security is a huge issue. I just need to stop certain programs being run by certain people.

Groups would be easier to set up.