limitation of user a/c ( telnet service )

Les hlhowell at pacbell.net
Wed Feb 7 09:10:29 UTC 2007


On Wed, 2007-02-07 at 12:44 +0800, edwardspl at ita.org.mo wrote:
> Sam Varshavchik wrote:
> > edwardspl at ita.org.mo writes: 
> > 
> > > « HTML content follows »
> > > Les wrote:
> > > > On Tue, 2007-02-06 at 23:06 +0800, edwardspl at ita.org.mo wrote:
> > > >
> > > > > Dear All,
> > > > >
> > > > > How can we limit a user a/c when telnet to the server :
> > > > > eg :
> > > > >
> > > > > [edward at svr1 ~]$ ls -l -a
> > > > > total 36
> > > > > drwx------ 3 edward edward 4096 Feb  6 22:51 .
> > > > > drwxr-xr-x 5 root   root   4096 Feb  6 22:50 ..
> > > > > -rw------- 1 edward edward   14 Feb  6 22:52 .bash_history
> > > > > -rw-r--r-- 1 edward edward   24 Feb  6 22:50 .bash_logout
> > > > > -rw-r--r-- 1 edward edward  176 Feb  6 22:50 .bash_profile
> > > > > -rw-r--r-- 1 edward edward  124 Feb  6 22:50 .bashrc
> > > > > drwxr-xr-x 3 edward edward 4096 Feb  6 22:50 .kde
> > > > > -rw-r--r-- 1 edward edward  658 Feb  6 22:50 .zshrc
> > > > > [edward at svr1 ~]$
> > > > >
> > > > > Prevent user "edward" from doing the following :
> > > > > modify / del the existing files ( default by the system ).
> > > > >
> > > > > Allow user "edward" to create / del / modify his own other files / dirs.
> > > > > 
> > > > > Edward.
> > > > > --
> > > > Have root create the files with root access, then put the world read and
> > > > execute privilege on them.  Only root can then modify them.
> > > >
> > > > Regards,
> > > > Les H
> > > >
> > > But when user "edward" logs in to the server by the telnet service,
> > > then he can modify the dot file...
> > 
> > 1) No, he can't.  Not if the file is owned by root, with no other
> > permissions. 
> > 
> > 2) If you allow telnet access, you have more problems to worry
> > about.  Such as anyone with access to your local network, or your
> > Internet provider's network, being able to capture your login
> > passwords. 
> > 
> > 
> For point 1, user edward can modify / delete the dot file....
> -- 
Is user edward a superuser?  If so, that will cause edward to be able to
change any file he wants, regardless of permissions or any other action
you may take.

Regards,
Les H
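
Added example, not part of the original thread: a Python sketch of the classic Unix permission checks behind the two questions raised in this exchange (who owns the file, and whether the account is uid 0). It goes beyond what the messages state by also applying the general rule that deleting or replacing a file is governed by the permissions on its directory; uid 500 for edward is a constructed value, and ACLs, capabilities and immutable attributes are assumed absent.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the cases below run without root.
Meta = namedtuple("Meta", "st_uid st_gid st_mode")

def _has(meta, uid, gids, want):
    """True if uid holds every rwx bit in `want` (4=r, 2=w, 1=x)."""
    if uid == 0:
        return True  # superuser is not limited by permission bits
    shift = 6 if meta.st_uid == uid else 3 if meta.st_gid in gids else 0
    return ((meta.st_mode >> shift) & want) == want

def audit(file_meta, dir_meta, uid, gids=()):
    """What uid can do to one file, given the file's and directory's metadata."""
    edit = _has(file_meta, uid, gids, 2)
    # Unlink/rename needs write+search on the directory, not on the file.
    replace = _has(dir_meta, uid, gids, 3)
    # Sticky directory: only the file's or the directory's owner may remove it.
    if replace and uid != 0 and dir_meta.st_mode & stat.S_ISVTX:
        replace = uid in (file_meta.st_uid, dir_meta.st_uid)
    return {"edit_in_place": edit, "delete_or_replace": replace}

def audit_path(path, uid, gids=()):
    """Same check on a real file; lstat so a symlink itself is examined."""
    parent = os.path.dirname(os.path.abspath(path))
    return audit(os.lstat(path), os.stat(parent), uid, gids)

# Constructed cases: uid/gid 500 stands for edward, 0 for root.
EDWARD = 500
HOME_EDWARD = Meta(EDWARD, EDWARD, stat.S_IFDIR | 0o700)  # "." in the listing
HOME_ROOT = Meta(0, 0, stat.S_IFDIR | 0o755)              # root-owned directory
RC_EDWARD = Meta(EDWARD, EDWARD, stat.S_IFREG | 0o644)    # .bashrc in the listing
RC_ROOT = Meta(0, 0, stat.S_IFREG | 0o644)                # root-owned, world-readable

CASES = {
    "as listed": (RC_EDWARD, HOME_EDWARD, EDWARD),
    "root-owned file, edward's dir": (RC_ROOT, HOME_EDWARD, EDWARD),
    "root-owned file and dir": (RC_ROOT, HOME_ROOT, EDWARD),
    "edward is uid 0": (RC_ROOT, HOME_ROOT, 0),
}

if __name__ == "__main__":
    for name, (f, d, uid) in CASES.items():
        print(f"{name:32} {audit(f, d, uid, gids=(uid,))}")
```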



