102:MySQL Server:/var/lib/mysql:/bin/false
You don't want to sacrifice security for convenience.
___
(@ @)
--oOo--(_)--oOo-----------
Jon McCainEmail: [EMAIL PROTECTED]
Sr. Programmer
a menu script (i.e.
/usr/bin/yourmenu instead of /usr/bin/bash) so they can not get to a $
prompt. You also have to define your menu script as a shell
(/etc/shell) so regular ftp will still work.
--
___
(@ @)
------oOo--(_)--oOo--
a menu script (i.e.
/usr/bin/yourmenu instead of /usr/bin/bash) so they can not get to a $
prompt. You also have to define your menu script as a shell
(/etc/shell) so regular ftp will still work.
--
___
(@ @)
------oOo--(_)--oOo--
Chris Reeves wrote:
>
> Why not change the users' shell to /usr/bin/menu?
>
Because they need to be able to transfer files to their home
directories. If you do this, then ftp,pscp,etc won't work. My original
goal was to allow them transfer files to/from home directory with
something besides ft
All of this has gotten me to thinking about another flaw in the way I
have things set up. I'm preventing users from getting to a $ by running
a menu from their profile.
exec /usr/bin/menu
This works fine since the exec causes menu to become their shell
process.
But some smart user could get aro
I think some of you misunderstood me. I was not clear about my
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do. Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there. And
even they did, permi
>
> > The user can change to directories above their home.
> > Is there a way to chroot them
>
> Use restricted bash shell for the user (/bin/rbash) in the
> /etc/passwd.
>
This does not seem to affect sshd. I changed a user to use rbash but I
could still go to a windows machine and use the pu
I'm not sure if this message made it through. Our ISP was having
problems this morning.
Sorry if you get this message twice.
I think some of you misunderstood me. I was not clear about my
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them t
Chris Reeves wrote:
>
> Why not change the users' shell to /usr/bin/menu?
>
Because they need to be able to transfer files to their home
directories. If you do this, then ftp,pscp,etc won't work. My original
goal was to allow them transfer files to/from home directory with
something besides f
All of this has gotten me to thinking about another flaw in the way I
have things set up. I'm preventing users from getting to a $ by running
a menu from their profile.
exec /usr/bin/menu
This works fine since the exec causes menu to become their shell
process.
But some smart user could get ar
I think some of you misunderstood me. I was not clear about my
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do. Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there. And
even they did, perm
>
> > The user can change to directories above their home.
> > Is there a way to chroot them
>
> Use restricted bash shell for the user (/bin/rbash) in the
> /etc/passwd.
>
This does not seem to affect sshd. I changed a user to use rbash but I
could still go to a windows machine and use the p
I'm not sure if this message made it through. Our ISP was having
problems this morning.
Sorry if you get this message twice.
I think some of you misunderstood me. I was not clear about my
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like you can in an ftp config file? I don't see anything in
the sshd con
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like you can in an ftp config file? I don't see anything in
the sshd co
Craig wrote:
>
> Goodday ladies and fellas
>
> I have potato installed on a box that will be a proxy and firewall. I needed
> to have the facility of port forwarding so i was told to install kernel 2.4.
>
Does kernel 2.4 have some special feature of port forwarding that the
2.2.x kernels don'
Craig wrote:
>
> Goodday ladies and fellas
>
> I have potato installed on a box that will be a proxy and firewall. I needed
> to have the facility of port forwarding so i was told to install kernel 2.4.
>
Does kernel 2.4 have some special feature of port forwarding that the
2.2.x kernels don
17 matches
Mail list logo