On Tue, 16 Jan 2007, Isaac Wagner-Muns wrote:

> I'm trying to set up a small shell account server for students at my 
> school, and it seems to be quite a vast undertaking, mostly because of 
> the security issues brought up by letting semi-anonymous people access 
> my machine. How do other shell servers (like sdf.lonestar.org) implement 
> an automatic user-adding system? Is having publicly runnable shell 
> scripts insecure? Any suggestions on where i should start would be 
> greatly appreciated

Get rid of any world-writable "tmp" directories. (Make users use their own 
homes. If you find any programs that don't allow custom temp directory in 
base install, let us know.)

Use file system quotas.

Set strict resource limits (login.conf and ulimit/limit).

(sorry if these ideas were already provided)

As for automatic user adding system, I don't know. Maybe make some shell 
scripts and allow user to login via ssh using a generic account that runs 
that script to allow user to add an account and set password.

  Jeremy C. Reed