limitation of user a/c ( telnet service )
Sam Varshavchik
mrsam at courier-mta.com
Wed Feb 7 04:25:39 UTC 2007
edwardspl at ita.org.mo writes:
> « HTML content follows »
> Les wrote:
>> On Tue, 2007-02-06 at 23:06 +0800, <URL:mailto:edwardspl at ita.org.mo>edwar
>> dspl at ita.org.mo wrote:
>>
>>
>>> Dear All,
>>>
>>> How can we limit a user a/c when telnet to the server :
>>> eg :
>>>
>>> [edward at svr1 ~]$ ls -l -a
>>> total 36
>>> drwx------ 3 edward edward 4096 Feb 6 22:51 .
>>> drwxr-xr-x 5 root root 4096 Feb 6 22:50 ..
>>> -rw------- 1 edward edward 14 Feb 6 22:52 .bash_history
>>> -rw-r--r-- 1 edward edward 24 Feb 6 22:50 .bash_logout
>>> -rw-r--r-- 1 edward edward 176 Feb 6 22:50 .bash_profile
>>> -rw-r--r-- 1 edward edward 124 Feb 6 22:50 .bashrc
>>> drwxr-xr-x 3 edward edward 4096 Feb 6 22:50 .kde
>>> -rw-r--r-- 1 edward edward 658 Feb 6 22:50 .zshrc
>>> [edward at svr1 ~]$
>>>
>>> Prevent user "edward" from doing the following :
>>> modify / del the exiting files ( default by the system ).
>>>
>>> Allow user "edward" create / del / modify other his own files / dirs.
>>>
>>> Edward.
>>> --
>>>
>> Have root create the files with root access, then put the world read and
>> execute privilege on them. Only root can then modify them.
>>
>> Regards,
>> Les H
>>
>>
> But when user "edward" login to the server by the telnet service, then he
> can modify the dot file...
1) No, he can't. Not if the file is owned by root, with no other
permissions.
2) If you allow telnet access, you have more problems to worry about. Such
as anyone with access to your local network, or your Internet provider's
network, being able to capture your login passwords.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20070206/246f6e8c/attachment-0002.bin
More information about the users
mailing list