I need to use a server (Linux, Ubuntu) 'S' as a bridge between clients and other local servers 'LSs' which offer a series of services such as DB access via web or applications that must run on them (the other LSs).
Real examples:
I need clients to connect to S via SSH, and then they must be able tu run firefox to access LS1 in order to manage a database via web.
I need clients to connect to S via SSH, and then they must be able to run on S Java Dsktop Apps which connect to external servers to do other things.
In short: I need clients to connect to S just to do what they are expected to (some of them just have to open a firefox instance, others have to be able to execute a java.jar, etc.), and hopefully they don't do anything else.
Regarding to connections I can easily use the S firewall to limit them to only allow connections to LSs, but since some of the clients like to experiment on other computers, I would like to also limit their actions beyond the simple command "$ firefox" or "$ java -jar someapp.jar".
I'm using Ubuntu 14.04 as OS on servers. Obviously I can't limit accounts to "just run firefox" or "just run this .jar", but I'm interested in knowing that: How much could I limit those accounts actions?
