maybe you can do something with the bash's restrictive shell, bash -r or /bin/rbash. i set a test account's shell to /bin/rbash i wasn't able to get a KDE login but you might be able to do some magic to get it working.
just a thought. James Dickens wrote: > On 8/31/06, phcolaris <[EMAIL PROTECTED]> wrote: >> hi folk, >> >> I'm looking for a way how to keep users in their home directories - so >> that SGD/Ray users can't go and see other users and the root file >> system, simply not leave their /home/~ directory >> I've been playing around with few options (eg SUDO,containers or jail), >> but that isn't the right answer. >> > The only way I see that this could be done that is pseudo painless > other than directory permissions is have each user dumped into there > own Zone on a remote box, when they logged in, while they would have > access to other filesystems, it would only be a default install, no > other users files would be accessible. No changes could be made even > if they some how gained root because most of the files would be > readonly. Since the operating system is now free and opensource, they > would have complete access to this information anyway, they could just > install there own copy and or view the source at cvs.opensolaris.org. > To add an extra layer of protection you could start out with an > extremely minimal install of solaris on the machine with the zones on > it, then add only the applications the user would need to do his work. > No other applications or user information would be availible to them. > > The other option is trusted Solaris 8 or trusted extensions to Solaris > express, I've never used either product but they are some of the most > secure OSes availible so it may be a possiblity of course there > security features may preclude it from being used with sunray clients, > i'm not sure. > > > James Dickens > uadmin.blogspot.com > > > > >> does anyone use SGD/Ray on the same server? >> any tips on user management for this particular situation? >> >> thanks, >> -philip >> >> _______________________________________________ >> SGD-Users mailing list >> [email protected] >> http://www.filibeto.org/mailman/listinfo/sgd-users >> > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users -- Darin Perusich Unix Systems Administrator Cognigen Corporation 395 Youngs Rd. Williamsville, NY 14221 [EMAIL PROTECTED] _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
