Mailinglist Archive: opensuse-security (605 mails)

Re: [suse-security] restricting user commands
  • From: <greg@xxxxxxxxxxxxxxx>
  • Date: Wed, 3 Oct 2001 11:18:55 -0700 (PDT)
  • Message-id: <Pine.LNX.4.33.0110031118450.5957-100000@xxxxxxxxxxxxxxx>
Thanks....

----
Greg,
Computer Frontiers International

,,,
/'^'\
( o o )
oOOO--(_)--OOOo----------------------

"Just because you're not paranoid, it doesn't mean they are *not* after
you!"

On Mon, 1 Oct 2001, Markus Gaugusch wrote:

> > I would like to restrict the commands that a specific user can use on my
> > linux box.
> This is generally not useful. Anyone could compile the commands (maybe on
> another machine) and put them on your box (except for suid binaries, of
> course).
> Linux is a stable and secure OS; you don't really need to block some
> programs.
> What you may want to do is to enable the procfs patch (get it from
> www.openwall.com/linux), which prevents a user from seeing other users'
> processes.
> You should also put /tmp on a noexec and nosuid partition and /home also
> nosuid. Then give each user a private tmp directory and set TMPDIR and
> TEMPDIR to this directory. screen (if you use it) should also be
> configured to use this private directory.
> Don't forget to apply patches as soon as they come out.
>
> hth
> Markus
>
> --
> _____________________________ /"\
> Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
> markus@xxxxxxxxxxxxxxxx X Against HTML Mail
> / \
>
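
The mount options and private temp directory from the quoted advice, as an added example that is not part of the original thread: a shell check of a `/proc/mounts`-format table for `noexec`/`nosuid` on /tmp and `nosuid` on /home, plus creation of a mode 0700 per-user directory exported as TMPDIR and TEMPDIR. The function names, the `$HOME/tmp` location and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the mount options and
# create a per-user temp directory as the quoted advice describes.

# Constructed sample in /proc/mounts format; /home lacks nosuid on purpose.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext2 rw 0 0
/dev/sda5 /tmp ext2 rw,nosuid,noexec 0 0
/dev/sda6 /home ext2 rw 0 0
EOF
}

# has_opts MOUNTS_FILE MOUNTPOINT OPT...
# True only if MOUNTPOINT is listed and its options include every OPT.
has_opts() {
    mounts=$1; mp=$2; shift 2
    # A mount point listed twice: the last entry is the one in effect.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts")
    [ -n "$opts" ] || return 1
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
}

# audit_mounts MOUNTS_FILE: report each failed check, non-zero if any fails.
audit_mounts() {
    rc=0
    has_opts "$1" /tmp noexec nosuid || { echo "FAIL /tmp needs noexec,nosuid"; rc=1; }
    has_opts "$1" /home nosuid || { echo "FAIL /home needs nosuid"; rc=1; }
    return $rc
}

# private_tmp DIR: create DIR with mode 0700, reject a symlink or a
# directory owned by someone else, then export TMPDIR and TEMPDIR.
private_tmp() {
    ( umask 077 && mkdir -p "$1" ) || return 1
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    chmod 700 "$1" || return 1
    TMPDIR=$1; TEMPDIR=$1
    export TMPDIR TEMPDIR
}

# Typical use from a login profile (the $HOME/tmp location is an assumption):
#   audit_mounts /proc/mounts
#   private_tmp "$HOME/tmp"
```
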

