dot files are "hidden" from a standard ls command , so unless you are
used to doing
ls -a
most of the time users (even system admin users) will not see them in a
directory listing, that would be issue # 1
also they are used for unix "stuff" for example
.profile - what the ksh runs upon starting
.netrc - what ftp looks for when it starts up
.bashrc - what bash run when it starts up
so if you wanted to log some information/do something bad as another
user all you would need to do is write a .profile that replaces their
.profile and does the "bad thing", also if all your users use the same
login (or all have the same home directory) modifying a .profile will
affect ALL your users
the same can be said for a .netrc file, you put in the login credentials
for your ftp server , modify the host file to point to yrou ftp server
and when teh automated program to ftp data to their sever runs it goes
to your server instead.
Now I will admit that all this requires "root" priviliges, so if they
already have root access to your system your basically toast anyways,
but it does point out some of the security issues not to mention that
unless your users/system admins are used to doing
ls -a or ls -la
they would not normally see . files (one of the reasons I always do it,
from my sys admin days)
anyway there are legit reasons for modifying . files, someone mentioned
allowing users to modify their .profile (which is perfectly legit)
dougc
jpb wrote:
Most of the '.' files in Unix are used for system purposes. I will not
give any examples of what you can do with these because I don't feel
like giving anyone any ideas.
----- Original Message ----- From: <[EMAIL PROTECTED]>
To: <u2-users@listserver.u2ug.org>
Sent: Wednesday, October 04, 2006 9:11 PM
Subject: RE: [U2] [UV] How to create unix ".netrc" file?
Can you explain why it might be a breach of security to write a
standard Unix file to your home directory?
S
______________________________________________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of "jpb"
<[EMAIL PROTECTED]>
Sent: Wednesday, 4 October 2006 23:28
To: <u2-users@listserver.u2ug.org>
Subject: Re: [U2] [UV] How to create unix ".netrc" file?
It's also a breach of security.
**********************************************************************
This email message and any files transmitted with it are confidential
and intended solely for the use of addressed recipient(s). If you have
received this communication in error, please reply to this e-mail to
notify the sender of its incorrect delivery and then delete it and
your reply. It is your responsibility to check this email and any
attachments for viruses and defects before opening or sending them on.
Spotless collects personal information to provide and market our
services. For more information about use, disclosure and access, see
our privacy policy at http://www.spotless.com.au
Please consider our environment before printing this email.
**********************************************************************
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/