> I have Linux 3.0.0 and X11R6 on my machine.
>Some day, while I was doing something, an user
>login on my host and used 'startx'.... then I entered
Fix your scripts permissions. Nobody who is not working on the console
should be able to bring up X on the localhost. My preferred alternative
is to get rid of startx altogether and manage X (both for the console
and for peers connected via some Net) via xdm. Be sure to use a current
release of XFree (if it is XFree you are using), for older versions of
xdm had security problems.
Quote:> And another time, an user used 'repeat 1000 joke'
>to start MANY xclocks (of course, there are xclock & command
>in the file joke), so I got into trouble....
No way to prevent this under Linux, as far as I know. (Let me know if
you should find one.) Linux was not really made for users competing for
resources, and that is what is going on here. (The man page for
ulimit(2) is unimplemented(2), as of 1.2.13. On systems that do support
it, however, ulimit can be used to limit such things as maximum size of
files created, memory and cpu time used and number of processes started.
These limits can be set for a process and all its children.)
Quote:> How to prevent users from playing such jokes on me??
There are methods that usually work, but they do not have much to do
with software configuration. Anybody who plays these "jokes" is kicked
out of the system. If your system is used in a professional environment
(as opposed to some hobby server that probably does not take any real
damage from this), make them pay for all damages incurred (loss of cpu
time, loss of availability, administrator's time). This tends to
discourage "jokers", although it is no "clean" solution, of course.
Please cc public responses to email.
Get my pgp key: http://www.fak14.uni-muenchen.de/~mselig/mykey.asc