Re: scp and sftp
On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote:
> All of this has gotten me to thinking about another flaw in the way I
> have things set up. I'm preventing users from getting to a $ by
> running a menu from their profile.
>
>     exec /usr/bin/menu
>
> This works fine since the exec causes menu to become their shell
> process. But some smart user could get around this by using pscp to
> upload their own .bash_profile. Even if I fix it so I have them
> chroot'd on their home would not prevent this since this file is in
> their home. But changing permissions on the .bash_profile so they
> don't own it (and not in their group) should take care of that
> problem. They can read it all they want, just not change it.

Why not change the users' shell to /usr/bin/menu?

Bye,
Chris

-- 
http://www.tuxedo.org/~esr/faqs/smart-questions.html
Chris Reeves
ICQ# 22219005
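An added example, not part of the original thread: a Python check of whether a profile file in a home directory can still be changed by the account it restricts, covering both the file's own permissions and the fact that write access to the containing directory allows a file owned by someone else to be renamed or deleted and recreated. The uids, the `fake_stat` helper and the stat records in the demo are constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace

def fake_stat(uid, gid, mode):
    """Constructed stand-in for os.stat_result (illustration and tests only)."""
    return SimpleNamespace(st_uid=uid, st_gid=gid, st_mode=mode)

def _class_bits(st, uid, gids):
    """rwx bits of the single permission class the kernel applies to uid."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def profile_risks(uid, gids, dir_st, file_st):
    """Ways a non-root uid could change a profile file kept in a directory."""
    risks = []
    if file_st.st_uid == uid:
        risks.append("owns the file: can chmod it writable again")
    elif _class_bits(file_st, uid, gids) & 2:
        risks.append("file is writable in place")
    if dir_st.st_uid == uid:
        # The directory owner can always restore write access, and the
        # sticky bit does not stop the directory owner removing entries.
        risks.append("owns the directory: can replace the file")
    elif _class_bits(dir_st, uid, gids) & 3 == 3:
        # Write + search on the directory is enough to unlink or rename,
        # unless the sticky bit is set and uid does not own the file.
        if not dir_st.st_mode & stat.S_ISVTX or file_st.st_uid == uid:
            risks.append("directory is writable: can replace the file")
    return risks

def audit(home, uid, gids=(), name=".bash_profile"):
    """Run the same check against a real home directory."""
    profile = os.lstat(os.path.join(home, name))
    return profile_risks(uid, set(gids), os.stat(home), profile)

if __name__ == "__main__":
    # Constructed case: uid 1001 is the menu user, uid 0 is root.
    profile = fake_stat(0, 0, stat.S_IFREG | 0o644)
    user_home = fake_stat(1001, 1001, stat.S_IFDIR | 0o755)
    root_home = fake_stat(0, 0, stat.S_IFDIR | 0o755)
    print(profile_risks(1001, {1001}, user_home, profile))
    print(profile_risks(1001, {1001}, root_home, profile))
```

An empty list for a given account means neither the file nor its directory gives that account a way to alter the profile; setting the login shell to the menu program, as the reply suggests, removes the dependency on the profile file altogether.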