On Mon, Apr 01, 2002 at 09:35:46AM -0500, Jon McCain wrote:
> concern. Users can ssh into my machine but their profiles are fixed to
> run a menu of things I allow them to do. Thus they can't get to the $
> prompt and thus can't cd to other directories to see what's there. And
> even if they did, permissions are set so they could not overwrite important
> files. I simply don't want them to be able to read stuff not in their
> own home. Files like /etc/passwd, /etc/shadow, etc. Anything with

I wouldn't worry about them overwriting things like /etc/shadow, or even
reading it. Just make sure permissions are set properly on the files
that you care about. Debian does not leave critical information
world-readable by default, so provided you don't make a mess out of the
default permissions, you should be fine. There are plenty of shell
servers out there that support hundreds of concurrent users, and I've
never come across one that tries to restrict access to files that would
commonly be world-readable.

Also, you should probably check to see if something like

    ssh <your host> /bin/cat /etc/passwd

works. If it does, then that's the same as scp, and it's not likely
that you'll be easily able to prevent this behavior.

noah

--
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
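The permission check suggested in the message above, as an added example that is not part of the original post: it reports any file whose mode grants bits beyond a stated maximum. The function names are hypothetical, the maxima in audit_defaults (644 for /etc/passwd, 640 for /etc/shadow) are assumptions chosen for the example, and GNU coreutils stat is assumed, as on Debian.

```shell
#!/bin/sh
# Added example: flag files whose mode grants more than a stated maximum.
# Assumes GNU coreutils stat (as shipped on Debian).

# excess_bits FILE MAX_MODE
# Prints, in octal, the permission bits FILE has beyond MAX_MODE
# (prints 0 when the file is within policy). Symlinks are followed.
excess_bits() {
    mode=$(stat -L -c %a -- "$1") || return 2
    # The leading 0 makes the shell read both values as octal.
    printf '%o\n' $(( 0$mode & ~0$2 ))
}

# audit_policy
# Reads "MAX_MODE PATH" lines on stdin and prints one line per violation.
# Returns 0 if everything is within policy, 1 on a violation, 2 on error.
audit_policy() {
    rc=0
    while read -r max path; do
        case $max in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ -e "$path" ] || continue               # absent file: nothing to check
        extra=$(excess_bits "$path" "$max") || { rc=2; continue; }
        if [ "$extra" != 0 ]; then
            echo "$path: mode exceeds $max by $extra"
            rc=1
        fi
    done
    return $rc
}

# audit_defaults
# Example policy (assumed maxima, adjust to the files you care about):
# /etc/passwd may be world-readable, /etc/shadow may not.
audit_defaults() {
    audit_policy <<'EOF'
# max  path
644 /etc/passwd
640 /etc/shadow
EOF
}
```

Run audit_defaults after any manual change under /etc; a silent run with exit status 0 means no listed file is more permissive than its maximum.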