
Re: [cobalt-developers] Restricting Telnet Users



Richard Badua wrote:

> How do you restrict telnet users from leaving their directories?

Short answer:  you don't.

Long answer:  You write your own telnet daemon.

Answer you can't implement on the RaQ:  You use FreeBSD instead of
Linux.

Some answers to the question you didn't ask...

1. You NEVER use telnet.  You turn it off.  You take it off your
system.  But before you do, you install and thoroughly test a viable and
secure alternative, or you're in a lot of trouble <wry grin>.

2. If you don't trust your users to see all the "visible" directories,
you don't trust them to telnet in.  Or use shell accounts via SSH,
either...

Reason for #2:  Give me an unprivileged user account on your system, in
any of the domains, and also give me shell privileges, and give me five
minutes, and I'll own root, and change its password.  I'm sure I'm not
the only one on this list who can do it.  (Though this is NOT a
hypothetical situation, I'll only do it if we have a written contract in
place.)

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205