Re: Locking down a guest account - need help.
On Sat, Aug 04, 2001 at 12:30:20AM +0200, Tobias wrote:
> Hello!
>
> you can disable password login in sshd and only run ssh with public
> key authentication, just don't forget to put a root owned non-writable
> folder or file called ".ssh" and ".ssh2" in the accounts you do not wish
> people to log in to.
>

Putting a root-owned file in a directory owned by a user is not much help against a UNIX-savvy user. The user would still be able to rename the file(s).

You could create the .ssh / .ssh2 directories or files (owned by root), and then use the ``chattr +i'' command on each directory or file to protect it. This is for ext2fs only, but other filesystems may have equivalent commands.

[FYI, chattr +i sets the immutable flag in the ext2 filesystem, rendering the file unchangeable. chattr -i will remove the flag. Read the man page for more info.]

Just my $0.02 worth,

-- 
Eli Boaz ([EMAIL PROTECTED])
GNU/Linux: Free your computer from bad software.
http://www.debian.org/
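An added example, not part of the original post: a Python audit of the guard entries discussed above, reporting whether a `.ssh` / `.ssh2` entry is root-owned and carries the immutable flag, with a constructed demo showing that a read-only entry in a user-writable directory can still be renamed. The function names are hypothetical, and the ioctl number assumes 64-bit Linux.

```python
import fcntl, os, stat, struct, tempfile

FS_IOC_GETFLAGS = 0x80086601  # _IOR('f', 1, long); assumes 64-bit Linux
FS_IMMUTABLE_FL = 0x00000010  # the flag that chattr +i sets

def is_immutable(path):
    """True if the immutable flag is set; False if unset or not readable."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_NOFOLLOW)
    except OSError:           # unreadable entry or symlink: treat as unprotected
        return False
    try:
        raw = fcntl.ioctl(fd, FS_IOC_GETFLAGS, struct.pack("l", 0))
        return bool(struct.unpack("l", raw)[0] & FS_IMMUTABLE_FL)
    except OSError:           # filesystem does not support inode flags
        return False
    finally:
        os.close(fd)

def audit_guard(home, name):
    """Return a list of weaknesses for the guard entry home/name."""
    path = os.path.join(home, name)
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if st.st_uid != 0:
        problems.append("not owned by root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group/other")
    if not is_immutable(path):
        problems.append("not immutable: owner of %s can rename it away" % home)
    return problems

def demo_rename():
    """Constructed demo: a read-only guard in a writable home is renamable."""
    with tempfile.TemporaryDirectory() as home:   # stands in for the guest's home
        guard = os.path.join(home, ".ssh")
        open(guard, "w").close()
        os.chmod(guard, 0o444)                    # non-writable, as in the quoted advice
        before = audit_guard(home, ".ssh")
        os.rename(guard, guard + ".old")          # needs write on the directory only
        os.mkdir(guard)                           # the user now has a fresh .ssh
        return before, os.path.isdir(guard)

if __name__ == "__main__":
    print(demo_rename())
```

Run as root, `audit_guard("/home/guest", ".ssh")` (path constructed for illustration) returns an empty list only when the entry is root-owned, not group/other-writable, and immutable.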