On Sun, 2010-04-18 at 12:24 -0600, Christer Edwards wrote: > I've been doing some research recently on securing and limiting shell > access to a server. I thought I would pose the question here. > Hopefully we'll all get something beneficial out of the discussion, > and it'll give us a break from name calling on the Net Neutrality > thread. :P
So, what, you want free consulting? We should just give you our valuable intellectual property? Marxist! > What operating system / distribution would you use? Why? Linux. Duh. It runs on everything, it's highly configurable, and I know it well. Marxist. > What would you use to ensure privacy between users (home folders, > personal files, etc) If standard unix permissions and FACLs aren't enough, I would use PAM and/or SELinux. For example, check out Fedora's xguest. We're using something inspired by it to allow customers to run a graphical app remotely in a very locked down but useful environment. Marxist. > What would you use to ensure users don't use too many resources (cpu, > memory, disk space, etc) Oh, you know, pam_limit, quotas, cgroups, the usual. Marxist. > What would your partitioning scheme look like? Why? / - Everybody loves root /tmp - Tighter mount options /home - Quotas Maybe more. Marxist. > What other security/privacy/resource utilities would you implement on > your system? Network bandwidth. Storage bandwidth. Marxist. -- "XML is like violence: if it doesn't solve your problem, you aren't using enough of it." - Chris Maden /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
