Re: User?s and Shells
From: Devdas Bhagat (dvb@users.sourceforge.net)
Date: 12/21/02
- Previous message: Small, Jim: "RE: User?s and Shells"
- In reply to: Christian Hammers: "Re: User?s and Shells"
- Next in thread: Erik Karulf: "Re: User?s and Shells"
- Reply: Erik Karulf: "Re: User?s and Shells"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 21 Dec 2002 22:55:25 +0530 From: Devdas Bhagat <dvb@users.sourceforge.net> To: Brian Hatch <focus-linux@ifokr.org>, "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>
On 20/12/02 22:52 +0100, Christian Hammers wrote:
<snip>
> I'm wondering why I would want that - until now nobody could give me a
> good argument although everybody learns to remove the shells :-(
>
> * If I give my users a disabled password, they cannot¹ login via passwd
> based ssh/ftp/pop3 etc.
Keys. ssh-keygen.
> * But, on the other hand, I can have a
> su news -c /usr/local/script_running_as_user_news.sh
su - news -s /bin/sh -c "/path/to/script taking arguments"
> Any hints?
Administrators have to close all holes, crackers need just one.
Why leave something that might be misused?
After all, hardening a box involves restricting what can be done by what
users.
Devdas Bhagat
- Next message: Adam H. Pendleton: "Re: User?s and Shells"
- Previous message: Small, Jim: "RE: User?s and Shells"
- In reply to: Christian Hammers: "Re: User?s and Shells"
- Next in thread: Erik Karulf: "Re: User?s and Shells"
- Reply: Erik Karulf: "Re: User?s and Shells"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
