Date: Sat, 19 Feb 2000 19:04:46 -0500 From: "Tom Marchand" <unixwiz@mediaone.net> To: freebsd-security@freebsd.org Subject: Controlled Network Access Message-ID: <200002200009.TAA24866@duval.se.mediaone.net>
next in thread | raw e-mail | index | archive | help
I would like to control which users can access tcpip utilities(ftp,telnet, etc) by using groups. I realize that this can be accomplished via the proper file permissions on each utility. This works but it will not prevent somebody from compiling their own ftp, telnet etc. My thought was to perform the authorization at the socket level. This would entail modifaction of the kernel to only allow root or a member of the tcpip group to open a socket. Does anybody know if this has been done or if it would even work? I originally had this requirement at work to lock down external vendors. Since we are an AIX shop it was quite easy. On AIX you must be a member of the system group to access network utilities. -- Think Different! Think Apple!! (YES I DO use macs on the desktop and FreeBSD on the servers!) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002200009.TAA24866>