*BSD News Article 59230



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!news.sprintlink.net!gol2!usenet
From: Doug <doug@gol.com>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: A Matter of Security
Date: 10 Jan 1996 16:43:11 GMT
Organization: GOL
Lines: 41
Message-ID: <4d0qav$9j0@gol2.gol.com>
NNTP-Posting-Host: ppp240.gol.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 1.1N (Macintosh; I; PPC)
X-URL: news:comp.unix.bsd.freebsd.misc

Our system now allows members to make PPP connections via our new 
Portmaster (which is working well, along with RADIUS, thanks to the help 
of members of this group).

I noticed that unless I created a user account on the FreeBSD machine 
for a user, he or she could not receive email. Well, that makes sense.

But I also noticed that any user can now Telnet into our FreeBSD 
machine.

What's more, because of the default settings, any user can roam around 
and see almost everything, including most of the contents of /etc.

Questions!

o Is this normal? Does everybody allow this?

o As soon as I noticed this, I changed the permissions of /etc with the 
command

chmod og-wrx /etc

so that members could not access that directory. Is that a reasonable 
thing to do? Will it hurt any running processes?

o Is there a way of disabling logins except for certain users?

o Can a user wreak havoc with the system by creating huge files in their 
home directory, creating and running programs, etc.?

o What do other sysops do about this?

I am very interested in hearing the opinions of other members of this 
group.

Thanks,

Doug Lerner,
Tokyo
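
What the `chmod og-wrx /etc` command quoted in the post does, replayed on a scratch directory instead of the real /etc, as an added example that is not part of the original post. The helper names, the scratch layout and the sample passwd line are constructed for illustration; the 755 and 644 starting modes are the usual defaults for /etc and /etc/passwd.

```shell
#!/bin/sh
# Added example: replay `chmod og-wrx` on a scratch tree shaped like /etc.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
perm_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Succeed if the "other" class holds the search (x) bit on directory $1.
others_can_search() {
    case "$(perm_of "$1")" in
        *[1357]) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the scratch tree: a 755 directory holding a 644 file.
make_scratch_etc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" && chmod 755 "$d/etc"
    # Constructed sample entry, not a real account.
    echo 'doug:*:1001:1001:constructed entry:/home/doug:/bin/sh' > "$d/etc/passwd"
    chmod 644 "$d/etc/passwd"
    echo "$d"
}

# Apply the command from the post and print "dir-mode file-mode" afterwards.
modes_after_chmod() {
    chmod og-wrx "$1/etc"
    echo "$(perm_of "$1/etc") $(perm_of "$1/etc/passwd")"
}

scratch=$(make_scratch_etc)
echo "before: $(perm_of "$scratch/etc") $(perm_of "$scratch/etc/passwd")"
echo "after:  $(modes_after_chmod "$scratch")"
if others_can_search "$scratch/etc"; then
    echo "non-owner processes can still resolve paths under etc/"
else
    # The file keeps mode 644, but path lookup now stops at the directory.
    echo "non-owner, non-root processes can no longer open etc/passwd"
fi
rm -rf "$scratch"
```

The file modes inside the directory do not change; removing the directory's search bit is what cuts off every non-root process that looks up a path beneath it.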