RE: Security Issues....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok..

>From what you are saying, you're implying that security is simply a matter
of not giving the user root access... I'm not sure I'm buying that. If
security where that easy, there would be no real issues surrounding creating
a secure system.

I'm trying to find information from guys who have created secure systems,
who can provide insight into the issues with chroot, etc... Resources who
can discuss the various pros/cons of a given security strategy... As I
pointed out, I'm considering letting users into my machines, so I'd like to
know what this really entails....

Thanks

-Bruce
bedouglas@xxxxxxxxxxxxx


-----Original Message-----
From: redhat-list-admin@xxxxxxxxxx
[mailto:redhat-list-admin@xxxxxxxxxx]On Behalf Of Ed Greshko
Sent: Thursday, December 04, 2003 10:17 PM
To: Redhat-list@xxxxxxxxxx
Subject: RE: Security Issues....


On Fri, 2003-12-05 at 12:11, bruce wrote:

> We're looking for what has to be done to set up a secure environment for a
> development process.

Define "secure".  :-)

If you create your users with unique uid/gid values (as is the default
when adding users) they will be generally restricted from writing to any
area other than what is below their home directory starting point.  Yes,
they will have access to /tmp.

They could write and execute their programs just fine as long as they
aren't writing code that needs a higher level of system access.  For
example, if they are writing code where they needed to bind to the
network card on port 44 then they would need a higher level of access,
a.k.a. root, and this can be dangerous...and is certainly insecure.

So, don't give your users root access and they would have to try really
hard to muck up your systems.

Ed

>
> Thanks
>
> -Bruce
> bedouglas@xxxxxxxxxxxxx
>
>
> -----Original Message-----
> From: redhat-list-admin@xxxxxxxxxx
> [mailto:redhat-list-admin@xxxxxxxxxx]On Behalf Of Michael Burger
> Sent: Thursday, December 04, 2003 7:54 PM
> To: redhat-list@xxxxxxxxxx
> Subject: Re: Security Issues....
>
>
> http://www.openssh.org/ if you want shell access
>
> Mike
>
> On Thursday 04 December 2003 10:09 pm, bruce wrote:
> > Hi..
> >
> > I'm relatively new to Linux, but I have a few questions concerning
> > security. If there is a better/more appropriate site, I'd appreciate
being
> > pointed in that direction...
> >
> > I'm looking at setting up a few machines to allow users to access the
> > machines and perform development work on the machines. By development, I
> > mean the ability to actually run various scripting languages
> > (Perl/PHP/etc...) and the ability to actually build/compile/run their
> C/C++
> > apps....
> >
> > My question has to do with the problem of creating an environment that's
> > reasonably secure. Is there a way/ways to create this kind of
environment
> > such that a user can essentially have his/her own space and not somehow
> > screw up the system. Are there pointers that you can provide to give me
a
> > better high level understanding of what this kind of environment would
> > entail...
> >
> > I've done the Google thing but I have a lot more questions...
> >
> > Thanks in advance for any help/assistance with this issue...
> >
> > Hey... If you live close to me, I'd even buy you lunch!!!
> >
> > Thanks
> >
> > Bruce Douglas
> > bedouglas@xxxxxxxxxxxxx
> > (925) 866-2790
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
--
"An opinion is like an asshole - everybody has one."
    - Clint Eastwood as Harry Callahan, The Dead Pool - 1988.


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux