limitation of user a/c ( telnet service )

edwardspl at ita.org.mo edwardspl at ita.org.mo
Wed Feb 7 12:52:09 UTC 2007


Les wrote:

>On Wed, 2007-02-07 at 12:44 +0800, edwardspl at ita.org.mo wrote:
>  
>
>>Sam Varshavchik wrote:
>>    
>>
>>>edwardspl at ita.org.mo writes: 
>>>
>>>      
>>>
>>>>HTML content follows
>>>>Les wrote: 
>>>>        
>>>>
>>>>>On Tue, 2007-02-06 at 23:06 +0800, edwardspl at ita.org.mo wrote:
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>Dear All,
>>>>>>
>>>>>>How can we limit a user a/c when telnet to the server :
>>>>>>eg :
>>>>>>
>>>>>>[edward at svr1 ~]$ ls -l -a
>>>>>>total 36
>>>>>>drwx------ 3 edward edward 4096 Feb  6 22:51 .
>>>>>>drwxr-xr-x 5 root   root   4096 Feb  6 22:50 ..
>>>>>>-rw------- 1 edward edward   14 Feb  6 22:52 .bash_history
>>>>>>-rw-r--r-- 1 edward edward   24 Feb  6 22:50 .bash_logout
>>>>>>-rw-r--r-- 1 edward edward  176 Feb  6 22:50 .bash_profile
>>>>>>-rw-r--r-- 1 edward edward  124 Feb  6 22:50 .bashrc
>>>>>>drwxr-xr-x 3 edward edward 4096 Feb  6 22:50 .kde
>>>>>>-rw-r--r-- 1 edward edward  658 Feb  6 22:50 .zshrc
>>>>>>[edward at svr1 ~]$
>>>>>>
>>>>>>Prevent user "edward" from doing the following :
>>>>>>modify / del the existing files ( default by the system ).
>>>>>>
>>>>>>Allow user "edward" create / del / modify other his own files / dirs.
>>>>>>
>>>>>>Edward.
>>>>>>-- 
>>>>>>
>>>>>>            
>>>>>>
>>>>>Have root create the files with root access, then put the world read and
>>>>>execute privilege on them.  Only root can then modify them.
>>>>>
>>>>>Regards,
>>>>>Les H
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>But when user "edward" login to the server by the telnet service,
>>>>then he can modify the dot file... 
>>>>        
>>>>
>>>1) No, he can't.  Not if the file is owned by root, with no other
>>>permissions. 
>>>
>>>2) If you allow telnet access, you have more problems to worry
>>>about.  Such as anyone with access to your local network, or your
>>>Internet provider's network, being able to capture your login
>>>passwords. 
>>>
>>>
>>>      
>>>
>>For the point 1, user edward he can modify / delete the dot file....
>>-- 
>>    
>>
>Is user edward a superuser?  If so, that will cause edward to be able to
>change any file he wants, regardless of permissions or any other action
>you may take.
>
>Regards,
>Les H
>
>  
>
Hello to you,

User "edward" is a normal user account...

Edward.
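
The question in this thread turns on directory versus file permissions: on Unix, removing or renaming a file requires write and search permission on the containing directory, not on the file itself. The script below is an added example, not part of the original thread; the function names and the temporary directory standing in for /home/edward are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Every path is constructed under a temporary directory.

# can_replace_entries DIR UID "GID ..." -> exit 0 if the owner/group/other
# check gives that uid write+search (w+x) on DIR. That is what unlink() and
# rename() need; the mode and owner of the file being removed are not
# consulted (sticky-bit directories and uid 0 aside).
can_replace_entries() {
    dir=$1 uid=$2 gids=$3
    set -- $(ls -ldn "$dir")        # $1 = mode string, $3 = owner uid, $4 = gid
    if [ "$uid" = "$3" ]; then cols=2-4
    elif printf ' %s ' "$gids" | grep -q " $4 "; then cols=5-7
    else cols=8-10
    fi
    case $(printf %s "$1" | cut -c"$cols") in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# demo: prints the final content of a read-only dot file after its directory's
# owner swaps it out, then the verdict for a directory without owner write.
demo() {
    home=$(mktemp -d) || return 1   # stand-in for /home/edward, mode 700
    chmod 700 "$home"
    printf 'original\n' > "$home/.bashrc"
    chmod 444 "$home/.bashrc"       # stand-in for the root-owned, read-only copy
    if can_replace_entries "$home" "$(id -u)" "$(id -G)"; then
        # The file is never opened for writing: unlink it, create a new one.
        rm -f "$home/.bashrc" && printf 'replaced\n' > "$home/.bashrc"
    fi
    cat "$home/.bashrc"
    chmod 555 "$home"               # stand-in for a home the user cannot write
    if can_replace_entries "$home" "$(id -u)" "$(id -G)"; then
        echo "still replaceable"
    else
        echo "protected by directory mode"
    fi
    chmod 700 "$home" && rm -rf "$home"
}

demo
```

On a real system the mode-555 directory would also have to be owned by root, since a directory's owner can chmod it back; the user's own files then go in a subdirectory that he owns.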