Date: Thu, 27 Jul 2000 00:58:24 -0600 (MDT) From: "Forrest W. Christian" <forrestc@imach.com> To: "chem@i-p-d.nl" <chem@i-p-d.nl> Cc: Kenn Martin <kmartin@infoteam.com>, freebsd-isp@FreeBSD.ORG Subject: Re: limiting telnet-users Message-ID: <Pine.BSF.4.21.0007270048130.11446-100000@workhorse.iMach.com> In-Reply-To: <200007270728.JAA09013@ns1.i-p-d.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
I probably missed this info which I am mentioning here from an earlier post. What exactly are you trying to prevent these users from doing? About the only way to confine users to their own little private world is chroot. Period. The problem with any other approach is that it is virtually impossible to confine a user to a specific directory. About the only way to do this is to modify the shell (or provide a teency shell) to prevent access. BUT, as soon as you give them access to an editor, you have opened up an entire can of worms. Either you generally trust your users and you give them a shell account or you don't and you put them in a chroot dir. Any other restrictions you provide essentially serve to keep the clueless honest. Give me 5 mins on any non-chroot system and I'll be past the security. Chroots are SIGIFICANTLY more difficult to break out of. - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007270048130.11446-100000>