[SLE] Users having a Shell-Account: they can see everything!
Dear List, I have a couple of Shell-Account-users who can chdir to the root, and dir everything in my filesystem. Is there any way to confine them to their homedirectory like ProFTPd can? Thanks, Rogier Maas -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, Feb 02, 2000 at 10:25:23PM +0100, Rogier Maas wrote:
Dear List,
I have a couple of Shell-Account-users who can chdir to the root, and dir everything in my filesystem. Is there any way to confine them to their homedirectory like ProFTPd can?
Yes, but why bother... If they realy can 'dir' everything, you have a bigger problem: you have no security. If they can read and change /etc/passwd and /etc/shadow, you realy have a big problem. If they can read 'almost' all, as in the default SuSE configuration, you should be oke. It is posible to confine a user to his/her homedir (see: man (1) chroot), but then you should also make quite a lot binairies (like /bin/cp and /bin/ls) and libraries (like: /lib/...) available in their homedir. It almost never is worth the trouble. With ProFTPd (I guess a FTP-daemon), you users only have to ftp files and and have only a few simple needs: (cd, ls). A shell account users has a lot more needs (like shells, mail-readers, etc.). Take a look at chmod (see: man (1) chmod) and learn how to change the permissions on important files/directories. You should buy a Unix book and learn somethings about basic Unix security. Your question indicates that you lack a lot of simple SysAdmin skils. In a Dutch bookstore, you can find quite a few Linux-books in Dutch. Today, I counted more than 10 different books...
Thanks,
Rogier Maas
Cees. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Cees van de Griend wrote:
On Wed, Feb 02, 2000 at 10:25:23PM +0100, Rogier Maas wrote:
Dear List,
I have a couple of Shell-Account-users who can chdir to the root, and dir everything in my filesystem. Is there any way to confine them to their homedirectory like ProFTPd can?
Yes, but why bother...
If they realy can 'dir' everything, you have a bigger problem: you have no security. If they can read and change /etc/passwd and /etc/shadow, you realy have a big problem. If they can read 'almost' all, as in the default SuSE configuration, you should be oke.
It is posible to confine a user to his/her homedir (see: man (1) chroot), but then you should also make quite a lot binairies (like /bin/cp and /bin/ls) and libraries (like: /lib/...) available in their homedir. It almost never is worth the trouble. With ProFTPd (I guess a FTP-daemon), you users only have to ftp files and and have only a few simple needs: (cd, ls). A shell account users has a lot more needs (like shells, mail-readers, etc.).
Take a look at chmod (see: man (1) chmod) and learn how to change the permissions on important files/directories.
You should buy a Unix book and learn somethings about basic Unix security. Your question indicates that you lack a lot of simple SysAdmin skils. In a Dutch bookstore, you can find quite a few Linux-books in Dutch. Today, I counted more than 10 different books...
Thanks,
Rogier Maas
Cees.
I've always found that basic UNIX security is not *really* what it was meant for. You must perform quite some tricks to get even the most simple thing done. Take Novell's NetWare for instance. They've got a much more secure security-model. Why doesn't UNIX have one? (Because it wasn't meant for that, ok). For instance: Why is it that users can read everything? I cannot just say: I don't want that user to be able to look in that directory. If I'd do that, I'd create quite a mess for him/her. If he/she logs in, all kinds of errormessages popup saying that it can't find the root path, etc. I'll look into the chroot stuff, but I'm already thinking about my next step: linking the binaries to their original paths. Of course, they can't see them, because they have only their own 'private' filesystem... Problems, problems, problems... Rogier -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Thu, Feb 03, 2000 at 12:12:46AM +0100, Rogier Maas wrote:
Cees van de Griend wrote:
On Wed, Feb 02, 2000 at 10:25:23PM +0100, Rogier Maas wrote:
Dear List,
I have a couple of Shell-Account-users who can chdir to the root, and dir everything in my filesystem. Is there any way to confine them to their homedirectory like ProFTPd can?
Yes, but why bother...
If they realy can 'dir' everything, you have a bigger problem: you have no security. If they can read and change /etc/passwd and /etc/shadow, you realy have a big problem. If they can read 'almost' all, as in the default SuSE configuration, you should be oke.
It is posible to confine a user to his/her homedir (see: man (1) chroot), but then you should also make quite a lot binairies (like /bin/cp and /bin/ls) and libraries (like: /lib/...) available in their homedir. It almost never is worth the trouble. With ProFTPd (I guess a FTP-daemon), you users only have to ftp files and and have only a few simple needs: (cd, ls). A shell account users has a lot more needs (like shells, mail-readers, etc.).
Take a look at chmod (see: man (1) chmod) and learn how to change the permissions on important files/directories.
You should buy a Unix book and learn somethings about basic Unix security. Your question indicates that you lack a lot of simple SysAdmin skils. In a Dutch bookstore, you can find quite a few Linux-books in Dutch. Today, I counted more than 10 different books...
Thanks,
Rogier Maas
Cees.
I've always found that basic UNIX security is not *really* what it was meant for. You must perform quite some tricks to get even the most simple thing done.
Huh? What do you mean? Just 'chmod 400 <file>' or 'chmod 700 <dir>' and your done.
Take Novell's NetWare for instance. They've got a much more secure security-model. Why doesn't UNIX have one? (Because it wasn't meant for that, ok).
I can't comment on NetWare, I know next to nothing about Novell. But this is the first time I have heard anyone call UNIX insecure. Compaired to what? Sure, Unix has it's problems, but almost always these are fixed very quickly. And the access model with user-group-others is sufficient in almost all cases.
For instance: Why is it that users can read everything?
They can't. Not the most important files. They shouldn't be able to change /etc/passwd and shouldn't be able to even read /etc/shadows.
I cannot just say: I don't want that user to be able to look in that directory. If I'd do that, I'd create quite a mess for him/her. If he/she logs in, all kinds of errormessages popup saying that it can't find the root path, etc.
Huh? You certainly can... Not the program files. A user has to read them to execute them. He/she can find the sources on the web, so he/she is able to know the workings of your programs in any case. You are in a SuSE list, so your probably have installed SuSE 6.3. In that case your shell-users can install the same system at home and know probably more about it than you do. The program files are not that important, so why bother.
I'll look into the chroot stuff, but I'm already thinking about my next step: linking the binaries to their original paths. Of course, they can't see them, because they have only their own 'private' filesystem...
This is called 'security by obscurity'. It never works in the long run. Unix is more open. The advantage is that problems are quickly fixed and I dare to say almost non-exsistent. If there are security-leaks, they are almost certainly your own doing.
Problems, problems, problems...
I don't see them. So your users can see the layout of your system, so what. The most important fact is that they can't change anything. In most cases a user can only change/write in his/her homedir and in /tmp. I bet you have no important files there. If a user can change other files, you have mis-installed your system and lack basic SysAdmin skills. What are you afraid of? If your are afraid of your users, maybe you shouldn't have them.
Rogier
Cees -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
* Rogier Maas (icarus@guldennet.nl) [20000203 00:12]:
say: I don't want that user to be able to look in that directory. If I'd do that, I'd create quite a mess for him/her. If he/she logs in, all kinds of errormessages popup saying that it can't find the root path, etc.
Yep, that's one of the problems ACLs would fix. AFAIK, there is a group working on ACLs for ext2, but I don't know the Status of that work. -- Philipp Thomas <pthomas@suse.de> SuSE GmbH, Deutschherrenstrasse 15-29, 90429 Nuremberg romance is... ...spending a winter evening together in front of xsnow Andre Deparade on de.talk.romance -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi. At 1:12 on 3 Feb 00, Philipp Thomas begun to yabber about "Re: [SLE] Users having a Shell-Acco" Date sent: Thu, 3 Feb 2000 01:12:39 +0100 From: Philipp Thomas <pthomas@suse.de> To: Rogier Maas <icarus@guldennet.nl> Copies to: suse-linux-e@suse.com Send reply to: suse-linux-e@suse.com Subject: Re: [SLE] Users having a Shell-Account: they can see everything!
Yep, that's one of the problems ACLs would fix. AFAIK, there is a group working on ACLs for ext2, but I don't know the Status of that work.
This is a feature of ext2 i would really like to see! Hopefully it is implimented soon :) Cya Matthew Matthew King: Sys Admin, Quakers Hill High School. My ICQ#: 2342475 Message me! Cellular Phone: +61 415 257 516 E-Mail: noodle@penguinpowered.com Homepage: http://www.penguinpowered.com/~noodle/ -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d+ s: a--- C++++ UL++++ P+ L+++ E---- W++ N++ o++ K w O- M- V- PS+ PE Y+ PGP- t+ 5++++ X++ R+ tv++ b+++ DI+++++ D++ G+++ e* h* r++ y+ ------END GEEK CODE BLOCK------ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Cees van de Griend wrote:
On Wed, Feb 02, 2000 at 10:25:23PM +0100, Rogier Maas wrote:
Dear List,
I have a couple of Shell-Account-users who can chdir to the root, and dir everything in my filesystem. Is there any way to confine them to their homedirectory like ProFTPd can?
Yes, but why bother...
It is posible to confine a user to his/her homedir (see: man (1) chroot), but then you should also make quite a lot binairies (like /bin/cp and /bin/ls) and libraries (like: /lib/...) available in their homedir.
Take a look at chmod (see: man (1) chmod) and learn how to change the permissions on important files/directories.
# chroot /home/user bash chroot: cannot change root directory to /home/user: Operation not permitted # chrot ~ bash chroot: cannot change root directory to /home/user: Operation not permitted eh? Now what.. I don't suppose there is a way so that files cannot be seen? My experiences with Linux are that all users can see all files in a dir they have r-(x), but can't see IN files. I don't want users to be able to SEE them. Impossible? How should I setup my security? Are there howto's? Sites? Rogier -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Thu, Feb 03, 2000 at 12:17:38AM +0100, Rogier Maas wrote:
Cees van de Griend wrote:
On Wed, Feb 02, 2000 at 10:25:23PM +0100, Rogier Maas wrote:
Dear List,
I have a couple of Shell-Account-users who can chdir to the root, and dir everything in my filesystem. Is there any way to confine them to their homedirectory like ProFTPd can?
Yes, but why bother...
It is posible to confine a user to his/her homedir (see: man (1) chroot), but then you should also make quite a lot binairies (like /bin/cp and /bin/ls) and libraries (like: /lib/...) available in their homedir.
Take a look at chmod (see: man (1) chmod) and learn how to change the permissions on important files/directories.
# chroot /home/user bash chroot: cannot change root directory to /home/user: Operation not permitted
# chrot ~ bash chroot: cannot change root directory to /home/user: Operation not permitted
You must be root to do this. Try 'bash -r', but this is not what your users want.
eh? Now what..
I don't suppose there is a way so that files cannot be seen? My experiences with Linux are that all users can see all files in a dir they have r-(x), but can't see IN files. I don't want users to be able to SEE them. Impossible?
It is not important that they are able to see them, they can't change them.
How should I setup my security? Are there howto's? Sites?
Buy and read a good Unix book.
Rogier
Cees -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
why not just use gnupgp or pgp to encrypt what you dont want seen/used... or any other encryption proggie????? Cees van de Griend wrote:
On Thu, Feb 03, 2000 at 12:17:38AM +0100, Rogier Maas wrote:
Cees van de Griend wrote:
On Wed, Feb 02, 2000 at 10:25:23PM +0100, Rogier Maas wrote:
Dear List,
I have a couple of Shell-Account-users who can chdir to the root, and dir everything in my filesystem. Is there any way to confine them to their homedirectory like ProFTPd can?
Yes, but why bother...
It is posible to confine a user to his/her homedir (see: man (1) chroot), but then you should also make quite a lot binairies (like /bin/cp and /bin/ls) and libraries (like: /lib/...) available in their homedir.
Take a look at chmod (see: man (1) chmod) and learn how to change the permissions on important files/directories.
# chroot /home/user bash chroot: cannot change root directory to /home/user: Operation not permitted
# chrot ~ bash chroot: cannot change root directory to /home/user: Operation not permitted
You must be root to do this.
Try 'bash -r', but this is not what your users want.
eh? Now what..
I don't suppose there is a way so that files cannot be seen? My experiences with Linux are that all users can see all files in a dir they have r-(x), but can't see IN files. I don't want users to be able to SEE them. Impossible?
It is not important that they are able to see them, they can't change them.
How should I setup my security? Are there howto's? Sites?
Buy and read a good Unix book.
Rogier
Cees
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (5)
-
cees-list@griend.xs4all.nl -
icarus@guldennet.nl -
noodle@penguinpowered.com -
pthomas@suse.de -
steganos1@home.com