It sounds to me like he made it clear that they HAD to login to use a
c++ script.  Probably something he built himself to manage data or
something. 

The quickest, easiest way is to just use chroot jails.  They are fairly
secure out of the box and chroot is a widely accepted method for
securing untrusted clients/servers (such as postfix for example).  Just
put only what they need in the chroot environment and you should be ok.

As for monitoring, there is always the bash_history file.  You can also
install a shell monitor that allows the root user to view a shell in
realtime.  You can also use the watch command to watch the who list. 
It's primitive but can be useful.  You can also use syslog to do some
extra logging similar to that of bash_history.

D. Wokan wrote:

>>
>> Is it possible for them to work with this DB using some client app
>> running on another machine? You haven't said much about your situation
>> but perhaps there is another way besides them having shell access to
>> that server.
>>
>>  
>>
> I believe you can set their shell to /bin/true and they'll be able to
> log in, but not get an actual shell.


-- 
gentoo-user@gentoo.org mailing list
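
An added example (not part of the original message) of the "put only what they need in the chroot environment" step: it copies one program and the shared libraries `ldd` reports for it into a jail directory. The function names, the jail path and program path in the usage comment, and the sample `ldd` output are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Populate a minimal chroot jail with one program and its shared libraries.
# All names and paths here are hypothetical, not taken from the thread.

# Constructed sample of `ldd` output, used to show what the parser handles.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0a5f2000)
    libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f1c2a000000)
    libc.so.6 => /lib/libc.so.6 (0x00007f1c29c00000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a400000)'

# Read `ldd` output on stdin and print the absolute library paths.
# Handles "name => /path (addr)" and "/path (addr)" lines; entries with
# no file on disk (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\//) { print $i; break }
    }' | LC_ALL=C sort -u
}

# Copy one file into the jail under the same absolute path.
# -L follows symlinks so the jail holds the real file, not a dangling link.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" &&
        cp -L "$src" "$jail$src"
}

# Copy the program, then every library that ldd lists for it.
populate_jail() {
    jail=$1 prog=$2
    copy_into_jail "$jail" "$prog" || return 1
    ldd "$prog" 2>/dev/null | ldd_paths | while read -r lib; do
        copy_into_jail "$jail" "$lib" || exit 1
    done
}

# Usage (as root, with assumed paths):
#   populate_jail /srv/jail /usr/local/bin/dbtool
#   chroot /srv/jail /usr/local/bin/dbtool
```

Anything not copied in is simply absent inside the jail, so listing the jail with `find` afterwards shows exactly what the users can reach.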
