Re: limitation of user a/c ( telnet service )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2007-02-07 at 12:44 +0800, edwardspl@xxxxxxxxxx wrote:
> Sam Varshavchik wrote:
> > edwardspl@xxxxxxxxxx writes: 
> > 
> > > 竄 HTML content follows 罈 
> > > Les wrote: 
> > > > On�Tue,�2007-02-06�at�23:06�
> > > > +0800,�<URL:mailto:edwardspl@xxxxxxxxxx>edwar
> > > > dspl@xxxxxxxxxx�wrote: 
> > > > �� 
> > > > 
> > > > > Dear�All, 
> > > > > 
> > > > > How�can�we�limit�a�user�a/c�when�telnet�to�the�server�: 
> > > > > eg�: 
> > > > > 
> > > > > [edward@svr1�~]$�ls�-l�-a 
> > > > > total�36 
> > > > > drwx------�3�edward�edward�4096�Feb��6�22:51�. 
> > > > > drwxr-xr-x�5�root���root���4096�Feb��6�22:50�.. 
> > > > > -rw-------�1�edward�edward���14�Feb��6�22:52�.bash_history 
> > > > > -rw-r--r--�1�edward�edward���24�Feb��6�22:50�.bash_logout 
> > > > > -rw-r--r--�1�edward�edward��176�Feb��6�22:50�.bash_profile 
> > > > > -rw-r--r--�1�edward�edward��124�Feb��6�22:50�.bashrc 
> > > > > drwxr-xr-x�3�edward�edward�4096�Feb��6�22:50�.kde 
> > > > > -rw-r--r--�1�edward�edward��658�Feb��6�22:50�.zshrc 
> > > > > [edward@svr1�~]$ 
> > > > > 
> > > > > Prevent�user�"edward"�from�doing�the�following�: 
> > > > > modify�/�del�the�exiting�files�(�default�by�the�system�). 
> > > > > 
> > > > > Allow�user�"edward"�create�/�del�/�modify�other�his�own�files�/�dirs. 
> > > > > 
> > > > > Edward. 
> > > > > --� 
> > > > > ���� 
> > > > Have�root�create�the�files�with�root�access,�then�put�the�world�read�and 
> > > > execute�privilege�on�them.��Only�root�can�then�modify�them. 
> > > > 
> > > > Regards, 
> > > > Les�H 
> > > > 
> > > > �� 
> > > But when user "edward" login to the server by the telnet service,
> > > then he can modify the dot file... 
> > 
> > 1) No, he can't.  Not if the file is owned by root, with no other
> > permissions. 
> > 
> > 2) If you allow telnet access, you have more problems to worry
> > about.  Such as anyone with access to your local network, or your
> > Internet provider's network, being able to capture your login
> > passwords. 
> > 
> > 
> For the point 1, user edward he can modify / delete the dot file....
> -- 
Is user edward a superuser?  If so, that will cause edward to be able to
change any file he wants, regardless of permissions or any other action
you may take.

Regards,
Les H

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux