limitation of user a/c ( telnet service )

edwardspl at ita.org.mo edwardspl at ita.org.mo
Wed Feb 7 04:44:41 UTC 2007


Sam Varshavchik wrote:

> edwardspl at ita.org.mo writes:
>
>> 竄 HTML content follows 罈
>> Les wrote:
>>
>>> On?Tue,?2007-02-06?at?23:06?+0800,?<URL:mailto:edwardspl at ita.org.mo>edwar
>>> dspl at ita.org.mo?wrote:
>>> ??
>>>
>>>> Dear?All,
>>>>
>>>> How?can?we?limit?a?user?a/c?when?telnet?to?the?server?:
>>>> eg?:
>>>>
>>>> [edward at svr1?~]$?ls?-l?-a
>>>> total?36
>>>> drwx------?3?edward?edward?4096?Feb??6?22:51?.
>>>> drwxr-xr-x?5?root???root???4096?Feb??6?22:50?..
>>>> -rw-------?1?edward?edward???14?Feb??6?22:52?.bash_history
>>>> -rw-r--r--?1?edward?edward???24?Feb??6?22:50?.bash_logout
>>>> -rw-r--r--?1?edward?edward??176?Feb??6?22:50?.bash_profile
>>>> -rw-r--r--?1?edward?edward??124?Feb??6?22:50?.bashrc
>>>> drwxr-xr-x?3?edward?edward?4096?Feb??6?22:50?.kde
>>>> -rw-r--r--?1?edward?edward??658?Feb??6?22:50?.zshrc
>>>> [edward at svr1?~]$
>>>>
>>>> Prevent?user?"edward"?from?doing?the?following?:
>>>> modify?/?del?the?exiting?files?(?default?by?the?system?).
>>>>
>>>> Allow?user?"edward"?create?/?del?/?modify?other?his?own?files?/?dirs.
>>>>
>>>> Edward.
>>>> --?
>>>> ????
>>>
>>> Have?root?create?the?files?with?root?access,?then?put?the?world?read?and
>>>
>>> execute?privilege?on?them.??Only?root?can?then?modify?them.
>>>
>>> Regards,
>>> Les?H
>>>
>>> ??
>>
>> But when user "edward" login to the server by the telnet service,
>> then he can modify the dot file...
>
>
> 1) No, he can't. Not if the file is owned by root, with no other
> permissions.
>
> 2) If you allow telnet access, you have more problems to worry about.
> Such as anyone with access to your local network, or your Internet
> provider's network, being able to capture your login passwords.
>
>
For the point 1, user edward he can modify / delete the dot file....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070207/5627aedb/attachment-0001.htm>


More information about the fedora-list mailing list