[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] telnet access to users?

Subject: Re: [cobalt-users] telnet access to users?
From: Liz <daldog@xxxxxxxx>
Date: Wed Jan 19 23:31:57 2000

You're coming in loud and clear, but here's a bit of an
arguement to the "can't" response, if you'll allow.  I have
a web site design client who's on someone else's server and
each time I key in one too many "cd ..'s", that server
prompts me with a "restricted access" notice once I've
attempted to go beyond that user's assigned directory.  I
believe that server is running the Slackware flavor of Linux
on a regular ole PC server.

So my question is...is it possible to run any generation of
RaQs using a different shell, or possibly a more securely
configurable shell other than bash?   I'm open for any
ideas.

Liz

------Original Message------
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Sent: January 20, 2000 12:58:37 AM GMT
Subject: Re: [cobalt-users] telnet access to users?

At 01:54 PM 1/19/00  Liz wrote:
>I'm yet another newbie to the RaQ3 and this mailing
>list...and what creeps me out is that when a user logs into
>telnet (if access is enabled for a user) that user can go
>back to the root directory, or any other directory, and
>snoop around.  I sure don't want users knowing the location
>of key files and other whatnots.  How can I stop them from
>going past their own /home/sites/site?/web/ directory?

You can't.  Linux is an offshoot of Unix.  Both were
developed in open,
academic environments, where security was NOT an issue.

There's been a lot of security grafted onto both Linux and
Unix; for
example the passwords, which used to be encoded in a
world-readable
/etc/passwd file are now kept (same encoding) in a
root-only-readable
/etc/shadow file.  But yes, anyone who logs into telnet will
know exactly
where the file is.

Good hackers can comprise machines very easily with telnet
access.  Bad
hackers can do it accidentally by running a program as
simple as majordomo.

(And yes, I DO know the difference between a hacker and a
cracker; ability
does NOT equal intent.)

Jeff

--
Jeff Lasman, nobaloney.net
<jblists@xxxxxxxxxxxxx>
<www.nobaloney.net>, <www.mailtraqna.com>,
<www.email-lists.com>

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com?sr=mc.mk.mcm.tag001

Follow-Ups:
- Re: [cobalt-users] telnet access to users?
  - From: cfb
- Re: [cobalt-users] telnet access to users?
  - From: Steven Werby
- Re: [cobalt-users] telnet access to users?
  - From: Jeff Lasman

Prev by Date: RE: [cobalt-users] Kernel 2.0.34C52_SK-2 logged messages
Next by Date: [cobalt-users] installing PHP3 on a RaQ 2
Previous by thread: RE: [cobalt-users] telnet access to users?
Next by thread: Re: [cobalt-users] telnet access to users?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index