Date: 26 Oct 2002 18:07:57 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com> To: "Unix Tools" <unixtools@hotmail.com> Cc: "Adam Bender" <abender@andrew.cmu.edu>, <questions@FreeBSD.ORG> Subject: Re: Setting permissions for a user Message-ID: <44y98konuq.fsf@be-well.ilk.org> In-Reply-To: <OE74vxtJ08v7jWLhZS600007a0e@hotmail.com> References: <Pine.GSO.4.44L-027.0210260058190.21991-100000@unix13.andrew.cmu.edu> <OE74vxtJ08v7jWLhZS600007a0e@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Unix Tools" <unixtools@hotmail.com> writes: > Assign the user an rbash shell. > Quite restrictive. It's not restrictive enough for a potentially malicious user (which is the case here, because the original poster knew the password could be sniffed). If you're going to give a shell at all in such cases, you need to use jail(8) or at least chroot(8). In this case, the original poster specifically said he wanted to give the account no password at all (which is, of course, even more restrictive), so these are overkill for this situation. Restricted shells really aren't for security uses. They are too easy to break out of (if you let them run any useful programs, anyway). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44y98konuq.fsf>