Re: Locking down ssh config in large env
From: Atro Tossavainen (atossava_at_cc.helsinki.fi)
To: firstname.lastname@example.org Date: Fri, 1 Oct 2004 12:00:01 +0300 (EEST)
David M Andersen from UNCC wrote:
> You could easily do something like this:
[patch that prevents users from changing their own configuration either
on the command line or in their per-user configuration files removed]
Yes, and the user can easily circumvent it, just like all the other
proposals so far.
Nobody's reading what I have been posting all along. That's fine,
of course. I don't really mind...
None of the proposed ways so far that attempt to solve the issue brought
forward by the original poster actually do. This one is no different.
As long as users get to run their own binaries on your system you have
-NO-RECOURSE-WHATSOEVER- against them on the issue of freezing the SSH
configuration so users can't change it. How many times, and how many
different ways, do I have to say it on this list before it catches on?
You can slow them down, and for some clueless part of the population
you might even be able to stop them with temporary stopgap measures
such as all of the proposals so far (until they get a clue), but you
have no way to stop somebody who knows what they are doing unless you
can prevent them from running their own binaries on the system.
-- Atro Tossavainen (Mr.) / The Institute of Biotechnology at Systems Analyst, Techno-Amish & / the University of Helsinki, Finland, +358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own. < URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS