
Re: [cobalt-users] Telnet access question



On Tue, 30 May 2000, alonsog@xxxxxxxxxxxxx so wrote:

} Is it normal that a virtual site's admin user with shell access is able to
} navigate beyond his domain's folder? (while under a Telnet Session). I
} haven't tried modifying any files because I'm barely learning the ropes, but
} it seemed strange to me that I was able to see all the directory tree
} instead of just my domain's portion of it while logged in as a virtual
} site's admin user. Fortunately, I am that user (also the Raq's only
} administrator so far) but it scares me to know that if I give shell access
} to any of my admin users he'll be able to make changes beyond his domain.
} Does this present a security risk? Is it normal? Please comment...


Hi Alonso,

	This is normal. Unless you switch to a chroot (change
root - and doing so is not an easy task) environment anyone with
shell access will be able to root around the entire directory
tree. Cobalt did a pretty good job setting file and directory
permissions in such a manner to prevent the average user from doing
anything they shouldn't, however, shell access simply cannot be
provided in a secure manner. Regardless of what you do, or how you
do it, a knowledgeable person can circumvent the vast majority of
barriers placed between them and critical system files. Worse yet,
perhaps, telnet uses plain text passwords which means that that
user's passwords are pretty easy to obtain by those who know what
they are doing.

	There are a number of things one can easily do which will
not actually make the system more secure but which will allow you to
monitor it close enough to give you at least a chance of keeping on
top of things. At the very same time I hesitate to recommend that
anyone who would ask this provide shell access to their users.

	With that said, the Linux Administrator's Security Guide is a
pretty good way to quickly and easily learn a whole lot more about
system security:

	http://www.securityportal.com/lasg/

	Peace be with you,
	
	Brent
	
	Brent Sims
	WebOkay Internet Services
	http://www.WebOkay.net
	Brent@xxxxxxxxxxx
	(719) 595-1427 (Voice/Fax)
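
Added example, not part of the original message: the reply separates being able to see the whole directory tree from being able to change it, with file and directory permissions as the barrier. This sketch lists what a given shell account could modify outside its own site directory, judged by owner, group and mode bits only; the function name, its arguments and the placeholder values in the usage comment are assumptions.

```sh
#!/bin/sh
# writable_outside ROOT SITE_DIR USER GROUP
# Print every entry under ROOT, excluding SITE_DIR, that USER (with primary
# group GROUP) could modify according to owner, group and mode bits.
# USER and GROUP may be names or numeric ids. Supplementary groups and
# ACLs are not considered, so treat the output as a lower bound.
writable_outside() {
    root=$1 site=$2 user=$3 group=$4
    # Unix checks exactly one permission class per access:
    #   owner bits if the user owns the file,
    #   else group bits if the file's group matches,
    #   else the "other" bits.
    # Symlinks are skipped because their own mode bits are meaningless.
    find "$root" -xdev -path "$site" -prune -o \
        \( \
            \( -user "$user" -perm -0200 \) -o \
            \( ! -user "$user" -group "$group" -perm -0020 \) -o \
            \( ! -user "$user" ! -group "$group" -perm -0002 \) \
        \) ! -type l -print | sort
}

# Usage (placeholder values):
#   writable_outside / /path/to/site siteadmin users
```

Sticky-bit directories such as /tmp will appear in the output; they are world-writable by design, so review those entries rather than treating each one as a fault.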