user specific file access permission

synna · 01-13-2004, 04:58 PM

Hi,

I'm writting a programming game (a game where you program bot that will fight each other ,something like Robocode, see robocode.net) where you have to write a dynamic library that will be executed in order to control a robot.

The problem is that I don't want to check the code given by each participant. I wan't to do something like a security box. I thought maybe it's possible to run the program under a specific user. This user should :

Only access one directory (all other directory closed even for reading) and the files in it
Don't use network connection (localhost is okay).
If possible write until the directory reach a specific size (like 2MB).

If I don't do it there will be a serious security problem in the application.

Thank you very much in advance.

Synna

PS : Sorry for my bad english

Capt_Caveman · 01-13-2004, 10:08 PM

I'm not quite sure I understand in terms of the application (the robocode part) what you're trying to do, but from your description of the users environment, I think what your looking to setup is to chroot the users or the application itself into their home directories (or the applications root dir). Unspawn put together a good set of links on how to set one up. Checkout this post of the Security references thread:

http://www.linuxquestions.org/questi...598#post222598

synna · 01-13-2004, 10:35 PM

And that's exactly what I wanted to do...

Thanks a lot !!!!

Synna

Capt_Caveman · 01-13-2004, 11:53 PM

No problem. Good luck with your program.