On Mon, Jan 06, 2003 at 07:38:40AM -0800, Jesse Keating wrote: > On Monday 06 January 2003 07:26, Remus uttered: > > As I told I need a few accounts for sftp connection and I would like to > > prevent these users to see/use root folder. > > Hrm, I see this request a lot, but I don't exactly understand why.. if the > box is properly configured, what would it matter if they see the root > partition, or any other globally readable file. Perhaps I'm just too good > natured, or don't know how to |-|4x0r enough or whatever. You must be too good natured. A properly implemented access control mechanism gives out information only on a need-to-know basis. The default should always be deny first. The default in Linux (and most Unix implementations) allows all users to view the passwd file. This is bad - there is no reason why one of my customers should be able to determine my user names. With wu-ftpd, they don't know. With sftp, they can simply grab the passwd file and will have a head start in cracking my system. -- Ed Wilts, Mounds View, MN, USA mailto:ewilts@ewilts.org Member #1, Red Hat Community Ambassador Program -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
