On Thursday 09 August 2001 04:53, Lonnie Cumberland wrote:
> Well, I was just thinking back to the days of Novell and seem to remember
> that when a user logged in, they were mapped into their own user space and
> generally did not have access to other areas.

You could set up your Linux box to have that property.  I don't recommend it
though.

> I thought that this was a nice security issue.

Not really.  Being able to see what's in /usr/bin doesn't really open security
holes.  It does ruin the security aspect called "unpredictability."

> Also, the users could run applications by having a local "bin" link and
> path setting.

No, because links would resolve to a directory the user can't access.

> I was just playing with some ideas and wanted to investigate them.

Try this:
---------------------
[movits@movitslinux movits]$ su
Password:
[root@movitslinux movits]# cd /
[root@movitslinux /]# mkdir /test
[root@movitslinux /]# chmod 771 /test
[root@movitslinux /]# cp /usr/bin/tree /test/
[root@movitslinux /]# ls -l|grep test
drwxrwx--x    2 root     root         4096 Aug  9 17:43 test/
[root@movitslinux /]# exit
[movits@movitslinux movits]$ cd /test
[movits@movitslinux /test]$ ls
ls: .: Permission denied
[movits@movitslinux /test]$ ./tree /

[SNIPPED LONG OUTPUT]
---------------------

Understand it?

Mordy
-- 
Mordy Ovits           Give a man a fish, he owes you one fish. 
Network Engineer   Teach a man to fish, and you give up
Bloomberg L.P.       your monopoly on fisheries.
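
The following is an added example, not part of the original message: a shell sketch that reads the "other" permission bits of a directory and reports the case shown in the session above (mode 771, where `ls` fails but a file reached by its known name still runs). The function names and the temporary directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Classify what users in the "other" class may do in a directory,
# judged from mode bits only (ACLs and ownership are not considered).

# has_mode_bits DIR OCTAL -> success if DIR is a directory with all OCTAL bits set
has_mode_bits() {
    [ -n "$(find "$1" -prune -type d -perm "-$2" 2>/dev/null)" ]
}

# other_dir_access DIR -> prints none | list-only | search-only | list+search
other_dir_access() {
    r=0; x=0
    has_mode_bits "$1" 004 && r=1   # r: may read the list of names
    has_mode_bits "$1" 001 && x=1   # x: may resolve a name that is already known
    case "$r$x" in
        11) echo "list+search" ;;
        10) echo "list-only" ;;     # names visible, but entries cannot be opened
        01) echo "search-only" ;;   # the /test case: ls denied, ./tree works
        *)  echo "none" ;;
    esac
}

# search_only_dirs ROOT -> prints directories under ROOT that "other" can
# traverse but not list (x set, r clear)
search_only_dirs() {
    find "$1" -type d -perm -001 ! -perm -004 2>/dev/null
}

# Demo on a constructed tree (sample data, created and removed here).
demo_root=$(mktemp -d)
mkdir "$demo_root/test" "$demo_root/open" "$demo_root/closed"
chmod 771 "$demo_root/test"     # same mode as /test in the session above
chmod 755 "$demo_root/open"
chmod 770 "$demo_root/closed"
for d in test open closed; do
    printf '%s: %s\n' "$d" "$(other_dir_access "$demo_root/$d")"
done
search_only_dirs "$demo_root"
rm -rf "$demo_root"
```

A search-only directory hides names, not contents: anyone who knows or guesses a file name inside it is then limited only by that file's own permissions.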
