* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [010903 12:39]: > Hi, I'm running a server in a public location, and the applications running > on the server run in their own virtual console (or an xterm window). However, > if someone came up and closed the xterm or hit ^C they could cancel the > server operation, which risks data loss, server failure, etc., and they would > also have full access to every aspect of the user account the server is run > on. > > Is there a good way to keep others from messing with the server?
I'm not sure I understand what it is you run in these 'servers'. This is some sort of kiosk where users need to be able to interact with these applications? If so, the applications themselves should be made more robust, so that they can not be shut down or interrupted from the user. If that's for some reason not an option, then try running it from within a loop program that simply respawns the application if it closes. This may not prevent some data loss in the applications, but at least it won't allow them a shell if they interrupt the process. At the very least, you should be starting the application with 'exec <application>' so that the shell exits, surrendering control to the application. That way, when the application exits, the user is logged out immediately; there's no shell to return to. If you do create a loop program, it should trap and not respond to the INT and SUSP signals that can be generated from the keyboard. Your machine's inittab should also be made to ignore ctrl+alt+del. I doubt that you mean that these are applications running on the terminals which you do not intend users to interact with at all; if this is the case, maybe you should look into xlock or other such software console locking applications. Another option when running applications which for some reason or another must be run attached to a console is to run them from within a screen session, then detach the screen session and logout. The best part of this solution is that you can remotely administer the applications by ssh'ing to the machine and re-attaching the screen session on your ssh tty. I hope some of my vague suggestions are oh some help to you; for more specific help, please post a more specifically-worded question. -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M'
pgp9wfpdgkv5R.pgp
Description: PGP signature
