Re: question about SSH / IPTABLES

To: debian-security@lists.debian.org
Subject: Re: question about SSH / IPTABLES
From: Vittorio R Tracy <vrt@fastmetrics.com>
Date: 23 Jan 2003 19:06:56 +0100
Message-id: <[🔎] 1043345227.3591.4.camel@ynos>
In-reply-to: <[🔎] 20030123133955.GB31031@afrika>
References: <[🔎] 51341B7FA34CD2119FA20008C7289B1C051C1C32@panoramix.coe.int> <[🔎] 20030123133955.GB31031@afrika>

you may also try rbash as a shell type (in /etc/passwd), it is not super
secure, and people can still use their own binaries, but you can
restrict them to their own home directory and whatevers in their path.
Its lazy persons way out of doing chroots for all. more info in the man
for bash

VRT <-- underpants on his head


On Thu, 2003-01-23 at 14:39, Rolf Kutz wrote:
> * Quoting DEFFONTAINES Vincent (Vincent.DEFFONTAINES@coe.int):
> 
> > 2. Mount /home, /tmp and any other place users might have write access on
> > with the "noexec" switch, so they can only use binaries installed (and
> > allowed to them) on the system.
> 
> This does not prevent them from executing
> binaries. This has been discussed here before.
> 
> - rk 
> 
> -- 
> "What sort of person," said Salzella patiently, "sits down and writes a
> maniacal laugh? And all those exclamation marks, you notice? Five? A
> sure sign of someone who wears his underpants on his head. Opera can do
> that to a man."
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- RE: question about SSH / IPTABLES
  - From: DEFFONTAINES Vincent <Vincent.DEFFONTAINES@coe.int>
- Re: question about SSH / IPTABLES
  - From: Rolf Kutz <kutz@netcologne.de>

Prev by Date: testestestestest
Next by Date: Re: question about SSH / IPTABLES
Previous by thread: Re: question about SSH / IPTABLES
Next by thread: RE: question about SSH / IPTABLES
Index(es):
- Date
- Thread