RE: [cobalt-users] Setting permissions

[Weihan Leow <wleow@xxxxxxxxxxx>]

Thanks for the info.  I'll check out baseline myself.  As far as granting
shell access, this is not something I plan on giving everyone.  I have
only enabled shell access to people I actually know, for example, my
housemate.  If he breaks something, he's going to wake up to.....<edited>

Theres also a cool program, I fogot the name.  It's like ttyspy or
something.  You can actually see what your shell users are typing.  I
don't encourage this but if you want to invade privacy and snoop on your
users, I guess it's your choice since it's your server.

As far as chmod 711, what directories should I apply this on other than
siteX.  Should I do it for web and users/NAME -R?  Any user who knows the
dir structure of the raq can just cd into other directories but not be
able to ls is fine by me.

-Weihan

On Fri, 5 Jan 2001, nobody wrote:

> It will indeed. We don't provide shell access on our Cobalt's but on
> the machines we do we set the user directory 711. We also set the
> system directories that we don't want anyone poking around in to 751
> which prevents users from browsing them. A simple shell script can
> copy the contents of user history files every minute or two and send
> the results to you by email, baselines can be maintained via any
> number of freely available programs (search freshmeat.net for
> baseline), etc. The point is there all kinds of tricks you can use
> to monitor your shell users. We loudly let our shell users know that
> we're watching every time they login via a customized message of the
> day. We've only had to shut down one user in the two years we've
> been running them, but shell accounts are dangerous and shell users
> will do things they shouldn't be doing so you really need to be on
> your toes.