Hi, On Sun, May 11, 2014 at 12:20:27PM -0700, Shawn Zaidermann wrote: > I understand. There is definitely always that possibility that users will > get a shell. However, can SELinux help in this case? Perhaps I can confined > the users with basic access, one that does not allow a user to run any > execution from their home or /tmp. We have a debian deployment but can > migrate our users to CentOS without a problem. I realized running a chroot > does not help much since the system only runs postfix and mutt. If I jail > mutt, then I have to jail postfix and if I do that, I defeat the purpose of > the jail entirely.
If you want to place such narrow restrictions on your users, why give them a shell account at all (assuming that's how they will run mutt)? -- Suvayu Open source is the future. It sets us free.
