At 01:54 PM 1/19/00 Liz wrote:
I'm yet another newbie to the RaQ3 and this mailing list...and what creeps me out is that when a user logs into telnet (if access is enabled for a user) that user can go back to the root directory, or any other directory, and snoop around. I sure don't want users knowing the location of key files and other whatnots. How can I stop them from going past their own /home/sites/site?/web/ directory?
You can't. Linux is an offshoot of Unix. Both were developed in open, academic environments, where security was NOT an issue.
There's been a lot of security grafted onto both Linux and Unix; for example the passwords, which used to be encoded in a world-readable /etc/passwd file are now kept (same encoding) in a root-only-readable /etc/shadow file. But yes, anyone who logs into telnet will know exactly where the file is.
Good hackers can comprise machines very easily with telnet access. Bad hackers can do it accidentally by running a program as simple as majordomo.
(And yes, I DO know the difference between a hacker and a cracker; ability does NOT equal intent.)
Jeff -- Jeff Lasman, nobaloney.net <jblists@xxxxxxxxxxxxx> <www.nobaloney.net>, <www.mailtraqna.com>, <www.email-lists.com>