On Mon, Apr 01, 2002 at 09:35:46AM -0500, Jon McCain wrote:
> concern.  Users can ssh into my machine but their profiles are fixed to
> run a menu of things I allow them to do.  Thus they can't get to the $
> prompt and thus can't cd to other directories to see what's there.  And
> even if they did, permissions are set so they could not overwrite important
> files.  I simply don't want them to be able to read stuff not in their
> own home.  Files like /etc/passwd, /etc/shadow, etc. Anything with

I wouldn't worry about them overwriting things like /etc/shadow, or even
reading it.  Just make sure permissions are set properly on the files
that you care about.  Debian does not leave critical information
world-readable by default, so provided you don't make a mess out of the
default permissions, you should be fine.

There are plenty of shell servers out there that support hundreds of
concurrent users, and I've never come across one that tries to restrict
access to files that would commonly be world-readable.

Also, you should probably check to see if something like
 ssh <your host> /bin/cat /etc/passwd
works.  If it does, then that's the same as scp, and it's not likely
that you'll be easily able to prevent this behavior.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
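
The advice in the message above to make sure permissions are set properly on the files you care about can be checked with a short script. This is an added example, not part of the original message; the function names and the demo files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "other" permission bits on chosen files and trees.

# other_readable FILE...: report each FILE whose mode grants read to "other".
# Returns 0 if none do, 1 if at least one does.
other_readable() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || { printf 'missing: %s\n' "$f"; continue; }
        # -H resolves a symlink named on the command line, -prune tests only
        # FILE itself, -perm -004 matches when the "other read" bit is set.
        hit=$(find -H "$f" -prune -perm -004 -print 2>/dev/null) || true
        if [ -n "$hit" ]; then
            printf 'other-readable: %s\n' "$f"
            rc=1
        fi
    done
    return $rc
}

# world_writable DIR: list regular files writable by "other", and directories
# writable by "other" that lack the sticky bit (anyone may delete entries).
world_writable() {
    find "$1" -xdev \( \( -type f -perm -002 \) -o \
        \( -type d -perm -002 ! -perm -1000 \) \) -print
}

# Demo on constructed files in a scratch directory (not real system files).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/secret"; chmod 640 "$d/secret"   # stand-in for a private file
    : > "$d/public"; chmod 644 "$d/public"   # stand-in for a world-readable file
    : > "$d/loose";  chmod 666 "$d/loose"    # world-writable file
    mkdir "$d/drop"; chmod 777 "$d/drop"     # world-writable, no sticky bit
    mkdir "$d/tmp";  chmod 1777 "$d/tmp"     # sticky, so not reported
    other_readable "$d/secret" "$d/public" || true
    world_writable "$d"
    rm -rf "$d"
}
demo
```

On a real host, pass the files that must stay private to `other_readable` and the directory trees users can reach to `world_writable`.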
