How do I stop people from running applications, such as TeamSpeak, under their user accounts? (They have shell)

Silly question here but if you don't want them to run apps why give them shell?

Dave

Put it in your TOS that running teamspeak is grounds for acount termination.

Block the ports with your firewall.

Moe

Hmm I'll figure something out.

Your asking for trouble allowing users to have shell, just from past experiances Btw just block the ports, and check once a day for files that relate to teamspeak if you find something like that delete it and put in your TOS if found your account with be Terminated. I think thats about all you can do.

I guess even that they could probably circumvent the rules by renaming the files and using different ports.

Unless I am missing something, even if they change ports they would still be blocked. Generally speaking you only have certain ports open (web, mail, ftp, dns, etc.) so if they change to a different non-standard port for their particular app it will still be blocked. If they change to a standard service port that is opened then another service should already be listening on that port and the offending service should not be able to start.

As someone else said, don't give them shell access to start with

Moe

Yup, sounds like a plan.. no shell would be a good move but since he has provided shell already, i doubt he could just take it back. Your plan of restricting the ports to the commonly used ones may be a good either but it might not stop them from launching DoS attack from the shell account.