I would imagine that would be tough - you'd have to build a whole X 
environment in a chroot'ed directory....

I've always wanted to try using smrsh (sendmail's restricted shell) as a 
default user shell.  That may be worth trying - or even setting up a 
wrapper that detects if you're on display 0 and runs bash, or any other 
display and runs a restricted shell....

I've never really had any need for that, though.

--Yan

Glenn Mabbutt wrote:

> Good points below.  By the by, has anyone played with Xvnc in a chroot
> environment on *nix??  How is it configured?? I'm curious, but I've never
> played with it myself.
> 
> Glenn
> 
> -----Original Message-----
> From: Yan Seiner [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 25, 2001 7:04 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Configure server so that vnc viewer cannot access
> somefile/folder
> 
> 
> Is the server on a win9x machine?  An NT box? A linux box?
> 
> Basically, once you log in to the server you have the same privileges
> as a local user.
> 
> On a win 9x box, there is no real concept of security or even of
> separate users, so you cannot deny access.
> 
> On an NT/W2K box, I guess you could set up a user for vnc - but keep in
> mind that vnc gives you access to the graphical screen displayed, so
> unless the restricted user is also logged in (and thus has no access to
> the files either) you can't do what you want.
> 
> On a linux (or any *nix) box, you can run vncserver as any arbitrary
> user.  You can then give that user specific privileges and deny access
> to any system resources.
> 
> BIG DISCLAIMER:  vnc was never meant to do what you want to do.  vnc
> gives access to a graphical screen remotely.  What is displayed on that
> screen depends solely on the underlying OS and the access of the user
> that vncserver is running as.  There are no provisions to limit the
> actions of a user in vnc.  In fact, it is IMPOSSIBLE for vnc to know
> what is being displayed.  vnc only deals with pixels; it can't know if
> that pixel goes to make up a pornographic picture or a piece of your PhD
> dissertation.
> 
> <soapbox mode>
> If you are concerned about privacy for whatever reason, you should dump
> windows altogether, use *nix, and secure the system using good firewall
> rules, tcpwrappers, and restrictive user permissions.
> <soapbox mode off>
> 
> --Yan
> 
> Vimal wrote:
> 
>>Hi,
>>
>>Can we configure the vnc server so that vnc viewer cannot access
>>particular files or folders on the server?
>>
>>I have some image files on the server which I don't want to be
>>viewed by vnc viewer.
>>
>>thanks,
>>vimal
>>[EMAIL PROTECTED]
>>---------------------------------------------------------------------
>>To unsubscribe, send a message with the line: unsubscribe vnc-list
>>to [EMAIL PROTECTED]
>>See also: http://www.uk.research.att.com/vnc/intouch.html
>>---------------------------------------------------------------------
>>
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
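
The wrapper idea from the top of this thread (full shell on display 0, restricted shell on any other display), written out as an added example that is not code from any poster. The shell paths and the `vnc-shell-wrapper` file name are assumptions; `DISPLAY` is only an environment variable, so the account's file permissions remain the actual control.

```shell
#!/bin/sh
# Added example: login-shell wrapper sketch, not code from the thread.
# FULL_SHELL and RESTRICTED_SHELL are assumed paths; adjust for the host.
FULL_SHELL=${FULL_SHELL:-/bin/bash}
RESTRICTED_SHELL=${RESTRICTED_SHELL:-/bin/rbash}

# Print the display number from an X DISPLAY value such as ":0",
# ":1.0" or "host:10.0". Returns 1 when the value cannot be parsed.
display_number() {
    case $1 in
        *:*) ;;
        *) return 1 ;;
    esac
    n=${1##*:}      # text after the last colon
    n=${n%%.*}      # drop the optional ".screen" suffix
    case $n in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$n"
}

# Print the shell to run for a given DISPLAY value. Fails closed: an unset,
# malformed, remote or non-zero display gets the restricted shell.
choose_shell() {
    host=${1%:*}    # empty or "unix" means a local display
    if num=$(display_number "$1") && [ "$num" -eq 0 ]; then
        case $host in
            ''|unix) printf '%s\n' "$FULL_SHELL"; return 0 ;;
        esac
    fi
    printf '%s\n' "$RESTRICTED_SHELL"
}

# Only exec when installed under the assumed wrapper name, so the
# functions can also be sourced and checked without replacing the shell.
case ${0##*/} in
    vnc-shell-wrapper) exec "$(choose_shell "${DISPLAY:-}")" "$@" ;;
esac
```

A text console login has no `DISPLAY` set, so it also lands in the restricted shell with this logic.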
