Very Computer

    Is there any way to keep users from running daemons?

:     Is there any way to keep users from running daemons?

No (if by a daemon, you mean a program that forks and returns while
the child detaches from the terminal).

Yes (if by a daemon, you mean things like sendmail and so on). Don't
give them execute permission on your copy. Doesn't stop them compiling
their own copy, though.

There's no way of killing a program that tries to access a network
socket (actually, there is, but you don't want to know). Or nobody
would be able to run telnet. What you might want to do is firewall
off all ports except official ones.

Peter

Dave

~~ Date: Wed, 06 Sep 2000 21:48:50 -0500


~~ Newsgroups: comp.os.linux.misc
~~ Subject: Restricting Users
~~
~~ Is there a way to keep users from running there own daemons.

1.  give them a restricted shell.
2.  chroot them.
3.  do not let them log in.
4.  have your own daemon that kills theirs.
5.  halt the machine, and tell them that their daemons crashed it.
6.  throw the server off a tall building and tell them that their
    daemons drove the machine to suicide.
7.  use windows (who needs daemons, when you can have satan himself).
8.  use mac os (that damned second button confuses users anyhow).
9.  convince them that the pacman machine at the laundromat down
    the street is really a dumb terminal (tell them the ghosts are
    daemons).
10. threaten them, let them know that big brother is watching
    (xsublim is good for convincing them of this).
11. kill the users. make them account for every bit they
    send over the network, make them give you od -c'ed script files,
    and tell them to file it in your cylindrical inbox on the floor.
12. users need wedgies (helps clear their mind).

Only take the first couple seriously, please!

anm
--
Andrew N. McGuire

perl -le'print map?"(.*)"?&&($_=$1)&&s](\w+)]\u$1]g&&$_=>`perldoc -qj`'