amuck-landowner

OpenVZ Command Blocking

R

RTGHM

New Member
I've been searching and can't find an answer:

OpenVZ, I spin up a virtual machine for a friend, now I want to prevent them from running bash scripts, any way to prevent that so something like "sh script.sh" doesn't execute?

It's to prevent abuse.
 
Aldryic C'boas

Aldryic C'boas

The Pony
What you want is a jailed shell, not a VPS.

You may wish to re-evaluate your definition of friend if you don't trust them.
 
R

RTGHM

New Member
Aldryic C said:
What you want is a jailed shell, not a VPS.

You may wish to re-evaluate your definition of friend if you don't trust them.
Click to expand...
A friend whom has known to run abusive scripts that hog memory.

I was hoping to be able to spin up a openvz container and then set security so items can't be executed, etc.
 
Last edited by a moderator:
Aldryic C'boas

Aldryic C'boas

The Pony
Well, that's not someone I would willingly give resources to.  But preferences on acquaintances aside, you're still looking at a jailed shell rather than a full-on VPS.  General rule of thumb - if they have root, you can't really restrict what they do.
 
R

RTGHM

New Member
Aldryic C said:
Well, that's not someone I would willingly give resources to.  But preferences on acquaintances aside, you're still looking at a jailed shell rather than a full-on VPS.  General rule of thumb - if they have root, you can't really restrict what they do.
Click to expand...
Alright thanks, any quick tutorials on how to configure that on CentOS?
 
Francisco

Francisco

Company Lube
Verified Provider
RTGHM said:
A friend whom has known to run abusive scripts that hog memory.

I was hoping to be able to spin up a openvz container and then set security so items can't be executed, etc.
Click to expand...
OVZ would be OK with that assuming you put a hard cap on RAM.

If he does other abusive things (DDOS, etc) then as Aldryic said, a jail is likely the best solution.

Francisco
 
Kayaba Akihiko

Kayaba Akihiko

New Member
Francisco said:
OVZ would be OK with that assuming you put a hard cap on RAM.If he does other abusive things (DDOS, etc) then as Aldryic said, a jail is likely the best solution.Francisco
Click to expand...
If he is ddosing people you probably should get him arrested and not give him anything at all but to each their own i suppose
 
R

RTGHM

New Member
Kayaba Akihiko said:
If he is ddosing people you probably should get him arrested and not give him anything at all but to each their own i suppose
Click to expand...
DDoSing implies more than 1 machine doing the attack, therefore it's just dosing.

He doesn't do any dosing that I'm aware of - regardless I'll keep a close eye on it. He just runs abuse, buggy scripts which hog a ton of memory and slow the server down.
 
Last edited by a moderator:
You must log in or register to reply here.
Top
amuck-landowner