I think some of you misunderstood me.  I was not clear about my
concern.  Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do.  Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there.  And
even they did, permission are set so they could not overwrite important
files.  I simply don't want them to be able to read stuff not in their
own home.  Files like /etc/passwd,/etc/shadow,etc. Anything with
information someone could use to locally exploit the machine.  But you
can use pscp from a windows machine and poke around and download files
from places other than your home directory.

If there is another email list that this is more appropriate for, let me
know.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to