Hacker News new | past | comments | ask | show | jobs | submit login

Or just stick with a lightweight init like OpenRC. It's used in Alpine and as such also in Docker containers. It stands out in how little, really, it does.

Also, you can use /etc/passwd to set the shell for every user. If you set this to a non-shell application, you essentially limit this user's session to only ever running that program. So a very lightweight, but networked system could set up sshd in innittab and then create a user with your single-user application set as the shell, and maybe an admin user that actually has access to a proper shell as a back-up.

There actually was a blog post I read not too long ago about a sysadmin who detailed the security challenges of running an open SSH server in which passwd set the shell to a game. There was a little bit more to it to get it completely secure. Unfortunately can't find it right now.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: