Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.hawaii.edu!ames!lll-winken.llnl.gov!sol.ctr.columbia.edu!news.mindlink.net!uniserve!usenet
From: tom@uniserve.com (Tom Samplonius)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: A Matter of Security
Date: 10 Jan 1996 19:57:15 GMT
Organization: UNIServe Online
Lines: 37
Distribution: world
Message-ID: <4d15mr$ap4@atlas.uniserve.com>
References: <4d0qav$9j0@gol2.gol.com>
NNTP-Posting-Host: pc.sdf.com
Mime-Version: 1.0
Content-Type: Text/Plain; charset=US-ASCII
X-Newsreader: WinVN 0.99.6

In article <4d0qav$9j0@gol2.gol.com>, doug@gol.com says...
>What's more, because of the default settings, any user can roam around
>and see almost everything, including most of the contents of /etc.
>
>Questions!
>
>o Is this normal? Does everybody allow this?

If you have shell access, yes. You can go through a bit of effort to make a chroot'ed shell environment.

>o As soon as I noticed this, I changed the permissions of /etc with the
>command
>
>chmod og-wrx /etc
>
>so that members could not access that directory. Is that a reasonable
>thing to do? Will it hurt any running processes?

That isn't a good idea. Running programs need access to the user list, and many other config files in /etc. Many, many things will not work if /etc is not world-readable.

>o Is there a way of disabling logins except for certain users?

Change the user's shell. Perhaps just change it to a shell script that says they can't log in to a shell.

>o Can a user wreak havoc with the system by creating huge files in their
>home directory, creating and running programs, etc.?

Yes. That's why we have quotas and system limits.

Tom
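
An added example, not part of the original post: one way to verify the result of the change-the-shell approach described above is to list every account that can still get an interactive shell and is not on an allow-list. The function name `interactive_accounts`, the sample users, and the path `/usr/local/bin/noshell` are assumptions made for illustration. The script treats any shell listed in an `/etc/shells`-format file as interactive.

```shell
#!/bin/sh
# Added example. Lists accounts in a 7-field passwd-format file that still
# have an interactive shell and are not on an allow-list.
# Hypothetical names: interactive_accounts, demo, /usr/local/bin/noshell.

# usage: interactive_accounts PASSWD_FILE SHELLS_FILE "allowed1 allowed2 ..."
# SHELLS_FILE uses the /etc/shells format: one valid login shell per line.
interactive_accounts() {
    awk -F: -v allowed="$3" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # First file: collect valid login shells, skipping comments and blanks.
        FNR == NR { if ($0 !~ /^#/ && $0 != "") shells[$0] = 1; next }
        # Second file: passwd entries; field 1 is the name, field 7 the shell.
        /^#/ || NF < 7 { next }
        {
            sh = ($7 == "") ? "/bin/sh" : $7   # empty shell field means /bin/sh
            if ((sh in shells) && !($1 in ok)) print $1 ":" sh
        }
    ' "$2" "$1"
}

# Constructed sample data, not taken from any real system.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/shells" <<'EOF'
# valid login shells
/bin/sh
/bin/csh
EOF
    cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
admin:*:1001:1001:Admin:/home/admin:/bin/sh
alice:*:1002:1002:Alice:/home/alice:/usr/local/bin/noshell
bob:*:1003:1003:Bob:/home/bob:/bin/csh
carol:*:1004:1004:Carol:/home/carol:
EOF
    interactive_accounts "$tmp/passwd" "$tmp/shells" "root admin"
    rm -rf "$tmp"
}

demo
```

With this sample data, `alice` is not reported because her shell was replaced, while `bob` and `carol` (whose empty shell field defaults to `/bin/sh`) are.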