limitation of user a/c ( telnet service )
edwardspl at ita.org.mo
edwardspl at ita.org.mo
Wed Feb 7 12:52:09 UTC 2007
Les wrote:
>On Wed, 2007-02-07 at 12:44 +0800, edwardspl at ita.org.mo wrote:
>
>
>>Sam Varshavchik wrote:
>>
>>
>>>edwardspl at ita.org.mo writes:
>>>
>>>
>>>
>>>>蝡? HTML content follows 蝵?
>>>>Les wrote:
>>>>
>>>>
>>>>>On嚙確ue,嚙?2007-02-06嚙窮t嚙?23:06嚙?
>>>>>+0800,嚙?<URL:mailto:edwardspl at ita.org.mo>edwar
>>>>>dspl at ita.org.mo嚙緩rote:
>>>>>嚙踝蕭
>>>>>
>>>>>
>>>>>
>>>>>>Dear嚙璀ll,
>>>>>>
>>>>>>How嚙箱an嚙緩e嚙締imit嚙窮嚙線ser嚙窮/c嚙緩hen嚙緣elnet嚙緣o嚙緣he嚙編erver嚙?:
>>>>>>eg嚙?:
>>>>>>
>>>>>>[edward at svr1嚙羯]$嚙締s嚙?-l嚙?-a
>>>>>>total嚙?36
>>>>>>drwx------嚙?3嚙箴dward嚙箴dward嚙?4096嚙瘤eb嚙踝蕭6嚙?22:51嚙?.
>>>>>>drwxr-xr-x嚙?5嚙緝oot嚙踝蕭嚙緝oot嚙踝蕭嚙?4096嚙瘤eb嚙踝蕭6嚙?22:50嚙?..
>>>>>>-rw-------嚙?1嚙箴dward嚙箴dward嚙踝蕭嚙?14嚙瘤eb嚙踝蕭6嚙?22:52嚙?.bash_history
>>>>>>-rw-r--r--嚙?1嚙箴dward嚙箴dward嚙踝蕭嚙?24嚙瘤eb嚙踝蕭6嚙?22:50嚙?.bash_logout
>>>>>>-rw-r--r--嚙?1嚙箴dward嚙箴dward嚙踝蕭176嚙瘤eb嚙踝蕭6嚙?22:50嚙?.bash_profile
>>>>>>-rw-r--r--嚙?1嚙箴dward嚙箴dward嚙踝蕭124嚙瘤eb嚙踝蕭6嚙?22:50嚙?.bashrc
>>>>>>drwxr-xr-x嚙?3嚙箴dward嚙箴dward嚙?4096嚙瘤eb嚙踝蕭6嚙?22:50嚙?.kde
>>>>>>-rw-r--r--嚙?1嚙箴dward嚙箴dward嚙踝蕭658嚙瘤eb嚙踝蕭6嚙?22:50嚙?.zshrc
>>>>>>[edward at svr1嚙羯]$
>>>>>>
>>>>>>Prevent嚙線ser嚙?"edward"嚙篆rom嚙範oing嚙緣he嚙篆ollowing嚙?:
>>>>>>modify嚙?/嚙範el嚙緣he嚙箴xiting嚙篆iles嚙?(嚙範efault嚙箭y嚙緣he嚙編ystem嚙?).
>>>>>>
>>>>>>Allow嚙線ser嚙?"edward"嚙箱reate嚙?/嚙範el嚙?/嚙練odify嚙緻ther嚙篁is嚙緻wn嚙篆iles嚙?/嚙範irs.
>>>>>>
>>>>>>Edward.
>>>>>>--嚙?
>>>>>>嚙踝蕭嚙踝蕭
>>>>>>
>>>>>>
>>>>>Have嚙緝oot嚙箱reate嚙緣he嚙篆iles嚙緩ith嚙緝oot嚙窮ccess,嚙緣hen嚙緘ut嚙緣he嚙緩orld嚙緝ead嚙窮nd
>>>>>execute嚙緘rivilege嚙緻n嚙緣hem.嚙踝蕭Only嚙緝oot嚙箱an嚙緣hen嚙練odify嚙緣hem.
>>>>>
>>>>>Regards,
>>>>>Les嚙瘡
>>>>>
>>>>>嚙踝蕭
>>>>>
>>>>>
>>>>But when user "edward" login to the server by the telnet service,
>>>>then he can modify the dot file...
>>>>
>>>>
>>>1) No, he can't. Not if the file is owned by root, with no other
>>>permissions.
>>>
>>>2) If you allow telnet access, you have more problems to worry
>>>about. Such as anyone with access to your local network, or your
>>>Internet provider's network, being able to capture your login
>>>passwords.
>>>
>>>
>>>
>>>
>>For the point 1, user edward he can modify / delete the dot file....
>>--
>>
>>
>Is user edward a superuser? If so, that will cause edward to be able to
>change any file he wants, regardless of permissions or any other action
>you may take.
>
>Regards,
>Les H
>
>
>
Hello to you,
User "edward" is a normal user account...
Edward.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070207/f20d7100/attachment-0001.htm>
More information about the fedora-list
mailing list