Vulnerability Development mailing list archives

Re: ssh quirks...


From: dagon () DAGON NET (Mark Rafn)
Date: Tue, 28 Dec 1999 11:37:49 -0800


On Tue, 28 Dec 1999, Kev wrote:

> > If, for whatever insane reason, you don't want your users knowing anyone
> > else's home directory, you can remove world read perms from /etc/passwd,
> > and make /home mode 511.  Not that anyone would recommend that...
>
> Of course, removing world read perms from /etc/passwd would break so many
> things it isn't even funny.  One of the things that would be broken would
> be the shell.

Indeed.  This is getting offtopic, but please don't suggest things that
you haven't tried.  Messing with permissions on files and directories that
are used by a lot of applications is a recipe for disaster, and very
rarely adds any security.

Unix is designed for users who mostly cooperate with each other.  If they
need to be kept totally in the dark on an aspect of the system (e.g.
other users, information in /etc/passwd), your best option is to set up
a chroot environment for each of them.  Then you CAN completely control
what they see.

--
Mark Rafn    dagon () dagon net    <http://www.dagon.net/>   !G


