Hi! Thanks again for a very enlightening answer! On Sat, 23 Oct 2004 11:31:28 -0400, suse@rio.vg <suse@rio.vg> wrote:
> Quoting Hugo <hg.list@gmail.com>:
> It all depends on what you mean by "secure". Security and convenience are always a tradeoff. If you put work into it, applying the NSA patches, using
What I meant was that I believe the system should be made so secure that I do not have to worry about users making an error (which in the corporate world would be regarded as doing something against the policy). In my case, this means that those who have remote access could not even see things outside their home - nor could somebody else who gets hold of their session.
> With Linux, it's not a question of "policy", but a matter of how much convenience you're willing to give up.
I do understand what you are saying in general. In the chrooted sftp case, though, I cannot see it. But I get your point.
> Ah, but you said you gave these people access to the console, that's why I
Indeed, at least some of them. But the console is in a "secure location" under my nose. :-)
> mentioned it. But honestly, I don't know of any attack vector from just simple sftp. If I had both sftp and ssh, I might be able to smuggle a rootkit onto
I was thinking about not allowing ssh, but just sftp. I just haven't got there yet.
> the system and execute it via ssh. However, if you keep your system up to date with YoU or fou4s, that's rather unlikely to work. (And it will still work
I have automatic updates on even though they have left my system unbootable twice after a kernel update.... :-( But I already know how to fix that.
> The most malicious thing I could do from sftp is get some information out of your system like the list of users and some of the configuration files. On a default system, none of those config files will have a password in it, so it's not really all that useful to an attacker.
Except that my personal information stored on the computer might be compromised.
> Putting the whole Linux partition as a samba share is kinda silly. Most people create a directory with the proper permissions to allow everyone to access it through samba. Coupled with the Home dir functionality of samba, it makes much more sense to most windows users and keeps your filesystem tidy.
Ah, sorry. I confused it a little. Not the whole partition, but a dir under that partition that I actually regard as a partition. The libs and bins there are our own products and scripts, not the ones from Linux. But it still backs up my point that if users see strange dirs called lib and bin and so on, they get confused. Home dirs are also shared like you say, but all work is "group work" and stored in the shared area, not in home dirs.
> Lastly: When the windows people sftp in, they're going to start in their home directory, not in the root area, so your worry about confusion is unfounded.
The best and about the only graphical sftp program is WinSCP. And that makes it way too easy to skip back to / and start browsing around.
> It's only if they traverse up the file system that they can see the rest of it.
Like I said many times before, because I do not know enough about Linux, I'm very afraid of them looking around. I now have a little better understanding of it - thanks to you.
> > Ah, but for instance in the SuSE 9.1 default configuration they can see other users' home dirs! And as I'm quite new to administering Linux, I do not know what other things they can see and should not be able to see!
> That's your opinion. It all depends on your environment. A `chmod 700 *` in /home will fix that up.
Well, my environment is an almost default installation of SuSE 9.1. I know chmod would fix that... I was just a little more than a little surprised that it is set up the way it is. Noticing that led me to think that maybe there are lots of other places where I should run chmod to get this box secure. Thankfully /etc/passwd and shadow don't seem to be such places.
> Your suspicion is incorrect. The passwords in Linux are stored in /etc/shadow. [snip]
Thanks for this lengthy explanation. I knew about /etc/passwd, but I had never heard about the shadow. Now that I have looked at my passwd file for the first time, I notice that the password hashes are not stored there like I thought (but in the shadow). Thanks for the setuid explanation also. It's not the users reading those files, but root.
> EXECUTE from those places. To someone from the Windows world, the Linux filesystem seems hopelessly complex. In Windows, programs and libraries are generally in two places, individually under /Program Files/ and in the massive /WINDOWS/ area. In Linux, they are laid out according to what they are. Libraries go in /lib directories, programs in /bin directories, and configuration in /etc. When I run a program, it accesses all of these areas, so
What actually confuses me more is that I have noticed that the dirs are not really that standard. I remember setting up Apache on this box. Installation was easy (with YAST), but everything else was... well, RTFM for a long time :-) The problem was that the manuals YAST installed with it didn't point to the same directories. And as no installation program asked where to put that... it took me a long time to find them! It was very confusing as the installation and manual weren't in "sync."
> It isn't as easy to create a hole as you think. Linux was largely designed with the typical hacker mentality of "security through obscurity is worthless". The user gets to read most things, but not write. The system areas of SuSE have pretty good security, especially if kept up to date.
Ok, I believe you. And I fully agree with "security through obscurity is worthless". But I'm afraid that it is insecurity through obscurity that might happen. Thinking back to the situation we had at my previous (data mining) company: customers scp'd data in. I do not know how that was set up. But if they could only see their own directory, the system admin would have to spend time double checking that the customers do not by accident get to see something they should not. But of course, chrooting should answer this.
> I'd recommend getting a book on Linux Systems Administration. I'm not trying to be condescending. Linux uses a very different paradigm for security than
I tried. But there are no good Linux books out there... well there are, but they are all outdated! And since all distros are quite different, I wanted to find one about SuSE. No such luck.... and so the best and most up-to-date books I could find were the SuSE PDF manuals. But of course, they talk about everything and nothing as narrow as chrooting sftp.
> Forums like this list can help you with specifics, but the broader theoretical knowledge is much better obtained from a real book.
I'm really sorry... I really thought there was just some small line in some config file that I had missed, and I thought I was asking something simple and specific. But I'm really grateful for your answers and pointers. Thanks again.
-- HG
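The two concrete points in this exchange (other users' home directories being browsable until `chmod 700` is applied, and password hashes living in /etc/shadow rather than the world-readable /etc/passwd) can be checked with a small audit script. The following is an added example, not part of the thread and not SuSE's own tooling; the function names (find_open_homes, lock_down_homes, world_readable, unshadowed_accounts) are the author's own, and it runs entirely against a constructed sample tree in a temporary directory, so it does not touch the real /home or /etc.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit a /home-style tree
# for home directories that other users can browse, check that the shadow
# file is not world-readable, and flag any passwd entries that still carry a
# hash instead of the "x" placeholder. All data below is constructed.

# Print the names of directories directly under $1 whose mode grants group
# or others any access (read, write or execute). "find PATH -prune ... -print"
# tests PATH itself without descending into it.
find_open_homes() {
    for h in "$1"/*/; do
        h=${h%/}
        [ -d "$h" ] || continue
        if [ -n "$(find "$h" -prune \( -perm -g+r -o -perm -g+w -o -perm -g+x \
                                   -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -print)" ]; then
            printf '%s\n' "${h##*/}"
        fi
    done | sort
}

# The fix suggested in the thread, chmod 700 on each home, applied to every
# directory directly under $1.
lock_down_homes() {
    for h in "$1"/*/; do
        [ -d "${h%/}" ] && chmod 700 "${h%/}"
    done
}

# Succeed (exit 0) if file $1 is readable by "others". /etc/shadow must not be.
world_readable() {
    [ -n "$(find "$1" -prune -perm -o+r -print)" ]
}

# Print accounts whose passwd entry still has a hash in the second field.
# On a shadowed system that field is "x" (or a lock marker such as "*" or
# "!"); anything else means the hash sits in the world-readable passwd file.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "!" && $2 != "" { print $1 }' "$1"
}

# Constructed sample data: three homes with different modes, plus passwd and
# shadow files in the usual layout. The hash strings are placeholders.
setup_sample() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/alice" "$tmp/home/bob" "$tmp/home/carol"
    chmod 755 "$tmp/home/alice"   # default-style: everyone can browse it
    chmod 700 "$tmp/home/bob"     # already locked down
    chmod 750 "$tmp/home/carol"   # still visible to the group
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:100:Alice:/home/alice:/bin/bash' \
        'legacy:$1$FAKE$notarealhash:1001:100:Old:/home/legacy:/bin/bash' \
        > "$tmp/passwd"
    printf '%s\n' 'root:$1$FAKE$notarealhash:12345:0:99999:7:::' > "$tmp/shadow"
    chmod 644 "$tmp/passwd"
    chmod 600 "$tmp/shadow"
    printf '%s\n' "$tmp"
}

# Stand-alone demo: run as "sh audit.sh --demo" to report, fix and re-check.
if [ "${1:-}" = "--demo" ]; then
    d=$(setup_sample)
    echo "homes browsable by others: $(find_open_homes "$d/home" | tr '\n' ' ')"
    echo "accounts with hashes in passwd: $(unshadowed_accounts "$d/passwd")"
    if world_readable "$d/shadow"; then echo "WARNING: shadow is world-readable"; fi
    lock_down_homes "$d/home"
    echo "after chmod 700: '$(find_open_homes "$d/home" | tr '\n' ' ')'"
    rm -rf "$d"
fi
```

To use it against a real box, point find_open_homes and world_readable at /home and /etc/shadow instead of the sample tree; the functions only read the mode bits, so the report is safe to produce before deciding whether to apply lock_down_homes.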