In the last episode (Jan 27), Emre said:
> I'm running FreeBSD 4.0 from Dec. 26 1999.  This should be on the "general
> questions" mailing list, but I thought maybe there is something that changed
> from -stable to -current that does this:
> 
> I'm trying to limit permissions on .bash_history.  There have been users
> on my server that have linked .bash_history to /dev/null and then been
> doing some cracking, and attacking other servers.  To limit this (or at 
> least trying to control it) I tried to take out write permission for
> group and others, thinking that will stop the users from trying to modify
> the file.  That didn't work!  Even if I did "chmod 000 .bash_history"
> users still could delete the file or modify it.  So I thought maybe if I
> just change the group or the owner of the file, it would fix the problem;
> that didn't work either...now it wouldn't log the commands to the history
> file anymore.

Are you also running a modified bash that removes the HISTFILE and
HISTFILESIZE environment variables, and have you also removed /bin/sh
and all other shells that don't log commands (* NOTE: do not remove
/bin/sh *) ?
 
> So I was wondering, do any of you gurus and bofh know how to fix this?
> This is very important for me, I'd be _very_ thankful if anyone could
> help me fix this problem.
> 
> (PS: In other OSs, i.e. Solaris or Linsucks, changing the perms seemed
> to work, just not in FreeBSD)

Delete permission comes from the directory, not the file.  No amount of
chmod'ing the file will affect it.

Under FreeBSD, you can run "chflags sappnd,sunlnk .bash_history" to
make the file undeletable, append-only.   Under other Unixes, the user
can simply do a "cp /dev/null ~/.bash_history && kill -9 $$" to log out
with no history file.

-- 
        Dan Nelson
        [EMAIL PROTECTED]
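
An audit sketch for the situation discussed in this thread, added here as an example and not part of either poster's message: it walks a tree of home directories and reports any .bash_history that is a symlink (such as to /dev/null), is missing, or lacks the flags that "chflags sappnd,sunlnk" sets. The function names, the sample users and the temporary directory layout are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Flags set by "chflags sappnd,sunlnk": system append-only and system undeletable.
WANTED = stat.SF_APPEND | stat.SF_NOUNLINK

def audit_history(home_root, name=".bash_history"):
    """Return {user: finding} for every home directory under home_root."""
    findings = {}
    for user in sorted(os.listdir(home_root)):
        home = os.path.join(home_root, user)
        if not os.path.isdir(home):
            continue
        path = os.path.join(home, name)
        try:
            st = os.lstat(path)  # lstat inspects the link itself, not its target
        except FileNotFoundError:
            findings[user] = "missing"
            continue
        if stat.S_ISLNK(st.st_mode):
            findings[user] = "symlink -> " + os.readlink(path)
        elif not stat.S_ISREG(st.st_mode):
            findings[user] = "not a regular file"
        elif (getattr(st, "st_flags", 0) & WANTED) != WANTED:
            # st_flags exists on BSD-derived systems only; elsewhere it reads as 0,
            # so every regular file is reported as unprotected there.
            findings[user] = "unprotected"
        else:
            findings[user] = "ok"
    return findings

def build_sample(root):
    """Constructed sample tree with three hypothetical users."""
    for user in ("alice", "bob", "carol"):
        os.mkdir(os.path.join(root, user))
    os.symlink("/dev/null", os.path.join(root, "alice", ".bash_history"))
    with open(os.path.join(root, "bob", ".bash_history"), "w") as fh:
        fh.write("ls\n")
    # carol has no history file at all

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for user, finding in audit_history(root).items():
            print(f"{user:8} {finding}")
```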

