RE: [suse-security] Login questions
try
$echo `
http://www.clustercom.com
Tel.: +34 93 582 02 90
Fax: +34 93 582 01 59

-----Original Message-----
From: Robert Pintarelli [mailto:robert.pintarelli@serco-scs.de]
Sent: Thursday, 7 February 2002 17:03
To: suse-security@suse.com
Subject: Re: [suse-security] Login questions

Praise wrote:
At 12:06 on Thursday, 7 February 2002, NP AE Ruslan Nesterov wrote:
Dear mail list members,
I never thought that I'd face it, but now I did. So my question is really simple: I need to prevent a user going anywhere outside his home catalog. Ex: the user catalog is /home/bla, so he couldn't go to /home. Also, how to prevent a user logging in via telnet or ssh, but letting him log in via the ftp server? When I put /sbin/nologin, the ftp server does not allow logging in. Any ideas?
Set the default shell to /bin/false and they won't be able to log in with telnet or ssh. But if you do not need them, turn them off!
Praise
/bin/false is not always a good solution; some ftpds/other daemons want the login shell to return true, so /bin/true might be better.

another nice thing is to point the login shell to /bin/passwd, so your users can change their password and nothing else.

if you need a shell login, but want them jailed in their home dir, you can use rbash as login shell (restricted bash). but then you must take care that the users find everything they need in their homedir, because rbash chroots to that dir.

if you only need ftp login, turn the login shell to /bin/true and configure your ftpd so that they are jailed in their homedir. for example, in proftpd you can use the DefaultRoot directive in the config file. other ftpds (like wu-ftpd) can do the same, but unlike proftpd most of these don't have builtin commands like ls, so you must set up these tools in the users' home. AFAIK there is a suse package that contains all needed binaries for a chrooted ftp.

hth
robert

--
Robert Pintarelli robert.pintarelli@serco-scs.de
SERCO Service Center Sued GmbH www.serco-scs.de
Individuelle Datenverarbeitung und Kommunikation
D-89077 Ulm

Hi folks!

On Fri, 8 Feb 2002, José Luis Ledesma wrote:
try
$echo `
with rbash...
Looking into the manpage I come to the conclusion that this action is perfectly allowed by rbash. The statement of the previous poster that rbash chroots itself is simply wrong. This you have to do yourself.

BTW: you can simply cat /etc/passwd. You only cannot run commands that are not in the PATH (and some other tricks).

Ciao,
Roland

main(int k,char**p){char*q=p[2];float i,j,r,x,y,a=*q++/4;for(y=a;--y>- a;puts(""))for(x=0;x++<*q;putchar(p[1][k%9]))for(i=k=r=0;j=r*r-i*i+(x/ *q*q[2]-q[1])/40,i=2*r*i+y/q[3],j*j+i*i<11&&++k<99;r=j);}
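
Added example, not part of any post in this thread: a small audit that classifies each account's login shell along the lines discussed above (no shell login, password change only, rbash, interactive) and reports whether the shell appears in a shells list in /etc/shells format. The function names, the category labels and the sample accounts are made up for illustration; the "unlisted" column rests on the assumption that the ftpd in use only accepts accounts whose shell is listed in /etc/shells, which is a common default.

```shell
#!/bin/sh
# Usage: audit_login_shells PASSWD_FILE SHELLS_FILE
# Prints one line per account: user shell category listed|unlisted
audit_login_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the accepted shells (same format as /etc/shells).
            while ((getline line < shells) > 0)
                if (line !~ /^#/ && line != "") valid[line] = 1
        }
        /^#/ || NF < 7 { next }          # skip comments and short lines
        {
            user = $1; sh = $7
            base = sh; sub(/.*\//, "", base)
            if (base == "false" || base == "true" || base == "nologin")
                kind = "no-shell-login"
            else if (base == "passwd")
                kind = "password-change-only"
            else if (base == "rbash")
                # rbash restricts commands but does not chroot; the
                # account can still read files outside its home.
                kind = "restricted-not-chrooted"
            else
                kind = "interactive"
            listed = (sh in valid) ? "listed" : "unlisted"
            printf "%s %s %s %s\n", user, sh, kind, listed
        }' "$1"
}

# Constructed sample data (not from a real system).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bla:x:1001:100:ftp only:/home/bla:/bin/true
upl:x:1002:100:ftp only:/home/upl:/sbin/nologin
pw:x:1003:100:password only:/home/pw:/bin/passwd
jail:x:1004:100:restricted:/home/jail:/bin/rbash
EOF
    printf '%s\n' /bin/bash /bin/true /bin/rbash > "$tmp/shells"
    audit_login_shells "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}
demo
```

On a real host the same function can be pointed at /etc/passwd and /etc/shells; an FTP-only account should show up as no-shell-login, and jailing it to its home directory is then left to the ftpd (for example proftpd's DefaultRoot).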