re: scp and ftp
Hello!

> concern. Users can ssh into my machine but their profiles are fixed to
> run a menu of things I allow them to do. Thus they can't get to the $
> prompt and thus can't cd to other directories to see what's there. And

Maybe I do not get the point, but I think you should try 'pdmenu' as the shell for the users.

--
at: Apr 2 3:02pm
Best regards,
`Zer0`
Re: scp and ftp
On Mon, Apr 01, 2002 at 09:35:46AM -0500, Jon McCain wrote:
> concern. Users can ssh into my machine but their profiles are fixed to
> run a menu of things I allow them to do. Thus they can't get to the $
> prompt and thus can't cd to other directories to see what's there. And
> even if they did, permissions are set so they could not overwrite important
> files. I simply don't want them to be able to read stuff not in their
> own home. Files like /etc/passwd, /etc/shadow, etc. Anything with

I wouldn't worry about them overwriting things like /etc/shadow, or even reading it. Just make sure permissions are set properly on the files that you care about. Debian does not leave critical information world-readable by default, so provided you don't make a mess out of the default permissions, you should be fine. There are plenty of shell servers out there that support hundreds of concurrent users, and I've never come across one that tries to restrict access to files that would commonly be world-readable.

Also, you should probably check to see if something like ssh /bin/cat /etc/passwd works. If it does, then that's the same as scp, and it's not likely that you'll be easily able to prevent this behavior.

noah

--
Web: http://web.morgul.net/~frodo/
PGP Public Key: http://web.morgul.net/~frodo/mail.html
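The advice in the reply above, to rely on file permissions rather than on the login menu, can be checked with a short script. This is an added example, not part of the original thread; the function names `world_readable` and `audit` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the given paths are readable by "other".
# A menu started from the profile does not apply to scp or to
# `ssh host command`, so file modes decide what a logged-in user can read.

# world_readable PATH...: print each existing path whose mode has o+r set.
world_readable() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        # -prune keeps find from descending into directories;
        # -perm -004 matches when the "other: read" bit is set.
        find "$p" -prune -perm -004 -print
    done
}

# audit PATH...: print findings; return 1 if any path is world-readable.
audit() {
    hits=$(world_readable "$@")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/world-readable: /'
        return 1
    fi
    return 0
}

# Demo on constructed files (not real system files).
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/secret" "$d/public"
    chmod 640 "$d/secret"
    chmod 644 "$d/public"
    rc=0
    audit "$d/secret" "$d/public" || rc=$?
    rm -rf "$d"
    echo "audit exit status: $rc"
}

demo
```

On a real host, pass `audit` the files you care about; a non-zero exit status means at least one of them can be read by any local account, whether through a shell, scp or a remote command.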
re: scp and ftp
I'm not sure if this message made it through. Our ISP was having problems this morning. Sorry if you get this message twice.

I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them to do. Thus they can't get to the $ prompt and thus can't cd to other directories to see what's there. And even if they did, permissions are set so they could not overwrite important files. I simply don't want them to be able to read stuff not in their own home. Files like /etc/passwd, /etc/shadow, etc. Anything with information someone could use to locally exploit the machine. But you can use pscp from a Windows machine and poke around and download files from places other than your home directory.

If there is another email list that this is more appropriate for, let me know.