[mdlug] Read-Only access to entire system

Mark Kimsal mark at metrofindings.com
Thu Jan 8 17:07:50 EST 2009


On Thursday 08 January 09, Mark Kimsal wrote:
> You could jail the user and restrict them to only their home directory. 
> Then you could copy in binaries and libraries for just the commands you
> want them to do.
>
> You could also put their home directory on a read-only partition, but you'd
> have to limit their access to the rest of the system with some sort of
> chroot jail.
>
> Also, i think you can auto-mount an NFS directory upon login to another
> machine, possibly restricting write access when doing the nfs mount.
>
> But, i really don't think there's a flag or group setting that will just
> say "don't allow write access to the hard drive anywhere".  Perhaps a shell
> account is the wrong approach all together?  Maybe a VNC/RDP session with
> no keyboard/mouse control ?  (just throwing out ideas)
>
> On Wednesday 07 January 09, gib at juno.com wrote:
> > Can I set up a user ID that has read-only access to the entire system?
> > ____________________________________________________________

Continuing with the spirit of throwing out ideas.. what about a disk quota of 
0?



More information about the mdlug mailing list