Mailinglist Archive: opensuse-security (196 mails)

Re: [suse-security] limiting sftp users to specific dir
  • From: "Dirk Schreiner" <dirk.schreiner@xxxxxxx>
  • Date: Sun, 24 Oct 2004 22:54:50 +0200
  • Message-id: <417C169A.5060703@xxxxxxx>
Hi Hugo,


Hugo wrote:

Hi!

Thanks for the answer.

On Sun, 24 Oct 2004 01:47:43 +0900, - Edwin - <copperwa11s@xxxxxxxxxxx> wrote:

I think the problem stems from the fact that when you add a
new user using YaST (using all default settings), the default
group would be "users" and the permissions on the home
directory would be something like this:

drwxr-xr-x


Yes, this is what happens.

and it's why SuSE Linux is called "Nürnberg Windows".



So, yes, this is *not* good since the group "other" will have
read + execute permissions on one's home directory. Also,

One needs x-perm to read the contents of a directory.


[...]

(I thought by default Linux was more secure...)

Linux is just the kernel.
Every other program is called an application.
And yes, the kernel is fairly secure if configured
correctly. ;-)


Well, maybe this is true for the "Personal" or "Professional"
versions of *SUSE* Linux ;) (Not sure about the server
version since I haven't tried it.)


It's the same in the SLES versions.
(And I personally don't like this ;-(( )


We do have one SuSE "server" at work, but it's actually 64bit
Professional 9.0 :-)

But _sometimes_ better default configuration.



Apparently there's a problem, IMHO, with the current
implementation in YaST when adding users using the default
settings. Anyway, I'm sure not all linux distros behave the
same way. Besides, there's a "fix" for that default behavior
of YaST -- see below.

IMHO YaST is a fairly good program,
but users are better added manually.
(And if you did it twice it's faster too.)



Btw.
If you want to get around the bad default permissions,
you should type:

vi /etc/profile
/umask
/022
cw077
:wq

(Or in other words:
edit the umask in the system-wide profile)

Dirk
TRIA IT-consulting GmbH
Joseph-Wild-Straße 20, 81829 München, Germany
Tel: +49 (89) 92907-0, Fax: +49 (89) 92907-100
http://www.tria.de

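An added example, not part of the original mail: what the 022 to 077 umask change discussed in this message does to the mode of newly created files and directories, plus a check that lists directories still granting any permission to "other". The function names and the throwaway directory names are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. Directory names are constructed.

# Mode a new object gets: the requested mode with the umask bits cleared.
# Usage: mode_with_umask 777 022   (mkdir requests 777, file creation 666)
mode_with_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Print each immediate subdirectory of $1 that grants read, write or
# execute to "other" (the drwxr-xr-x case quoted in the thread).
list_open_homes() {
    for d in "$1"/*; do
        # Skip non-directories and symlinks (symlink modes are meaningless).
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        if [ -n "$(find "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Build a throwaway tree with one directory per umask, audit it, clean up.
# Only the directory created under umask 022 should be reported.
demo_umask() {
    base=$(mktemp -d) || return 1
    ( umask 022; mkdir "$base/created_with_022" )
    ( umask 077; mkdir "$base/created_with_077" )
    list_open_homes "$base" | sed "s|^$base/||"
    rm -rf "$base"
}

demo_umask
```

Pointing `list_open_homes` at the directory that holds the home directories (for example `/home`) lists the ones that existing users would need to tighten by hand, since a umask change only affects objects created afterwards.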