*BSD News Article 59325



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!gatech!newsfeed.internetmci.com!in2.uu.net!insync!news.hal-pc.org!usenet
From: jhupp@gensys.com (Jeff Hupp)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: A Matter of Security
Date: Thu, 11 Jan 1996 01:12:45 GMT
Organization: Gensys Technologies
Lines: 46
Message-ID: <4d1o5j$2jv@news.hal-pc.org>
References: <4d0qav$9j0@gol2.gol.com>
Reply-To: jhupp@gensys.com
NNTP-Posting-Host: blue.gensys.com
X-Newsreader: Forte Free Agent 1.0.82

Doug <doug@gol.com> wrote:

:Our system now allows members to make PPP connections via our new 
:Portmaster (which is working well, along with RADIUS, thanks to the help 
:of members of this group).

:I noticed that unless I created a user account on the FreeBSD machine 
:for a user, he or she could not receive email. Well, that makes sense.

:But I also noticed that any user can now Telnet into our FreeBSD 
:machine.

:o Is this normal? Does everybody allow this?

	Yes.  Some do, some don't (makes maintenance of user pages much easier).  I
do.

:o As soon as I noticed this, I changed the permissions of /etc with the 
:command

:chmod og-wrx /etc

:so that members could not access that directory. Is that a reasonable 
:thing to do? Will it hurt any running processes?

	Put it back, there are programs not running as root that need files in
there.

:o Is there a way of disabling logins except for certain users?

	RTFM login.access

:o Can a user wreak havoc with the system by creating huge files in their 
:home directory, creating and running programs, etc.?

	Yes.

:o What do other sysops do about this?

	RTFM quota, edquota, quotacheck, ...


-- 
Jeff Hupp
<jhupp@gensys.com>  <http://gensys.com/>
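
The login.access restriction asked about in the post above, as an added example that is not part of the original post: a simplified Python model of how login.access(5) lines (`permission : users : origins`) are evaluated, showing why an allow line alone refuses nobody. It assumes first-match-wins with a default of "allowed" when no line matches; the group membership, user names and host name are constructed, and netgroups are not modelled.

```python
# Simplified model of login.access(5) evaluation (added example, not from the post).
# Assumed semantics: the first matching line decides; no matching line means allowed.
GROUPS = {"wheel": {"root", "doug"}}         # constructed group membership

ALLOW_ONLY = "+:wheel:ALL"                   # weak: no line ever refuses anyone
WITH_DENY = "+:wheel:ALL\n-:ALL:ALL"         # wheel may log in, everyone else is refused
ONE_LINE = "# same policy in one line\n-:ALL EXCEPT wheel:ALL"

def list_match(tokens, item, match_fn):
    """Match item against a token list, honouring the EXCEPT operator."""
    for i, tok in enumerate(tokens):
        if tok.upper() == "EXCEPT":          # reached EXCEPT without a match
            return False
        if match_fn(tok, item):
            rest = [t.upper() for t in tokens[i + 1:]]
            if "EXCEPT" in rest:             # a match is cancelled by an exception
                after = tokens[i + 2 + rest.index("EXCEPT"):]
                return not list_match(after, item, match_fn)
            return True
    return False

def user_match(tok, user):
    """ALL, a login name, or a group the user belongs to."""
    return tok.upper() == "ALL" or tok == user or user in GROUPS.get(tok, ())

def origin_match(tok, origin):
    """ALL, exact tty/host, .domain suffix, LOCAL (no dot), or 'net.' prefix."""
    if tok.upper() == "ALL" or tok.lower() == origin.lower():
        return True
    if tok.startswith("."):
        return origin.lower().endswith(tok.lower())
    if tok.upper() == "LOCAL":
        return "." not in origin
    return tok.endswith(".") and origin.startswith(tok)

def login_allowed(table, user, origin):
    """Return True if the (user, origin) pair would be accepted."""
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":"))
        if (list_match(users.split(), user, user_match)
                and list_match(origins.split(), origin, origin_match)):
            return perm == "+"
    return True                              # no line matched: login is permitted

if __name__ == "__main__":
    for name, table in [("ALLOW_ONLY", ALLOW_ONLY), ("WITH_DENY", WITH_DENY)]:
        print(name, login_allowed(table, "member", "ppp12.example.net"))
```

Check the result against login.access(5) on the installed release before relying on it, since this model covers only the token types listed in the comments.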