Date:      Tue, 25 Nov 1997 12:25:23 -0800 (PST)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        Alberto Johnson <ajohnson@panama.c-com.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: FTP inquiry
Message-ID:  <Pine.BSF.3.96.971125121907.17459D-100000@gdi.uoregon.edu>
In-Reply-To: <3.0.1.32.19971125135449.006d8b88@panama.c-com.net>

On Tue, 25 Nov 1997, Alberto Johnson wrote:

> 	I have noticed that my users are starting to think (not good for keeping
> security). My users are becoming more clever every day, and they are trying
> to pull a few tricks to try to break in or gather information from my mail
> server using ftp. For example:
> 
> 1. they tried to download the password file

I assume that failed.

> 2. they tried to enter other users' directories

There isn't much you can do about that, other than make the home dirs with
perms 700, but that could create problems.  I'd have to try it.

> 3. they tried to get a directory list from "/usr/home", paste this list in a
> spreadsheet, add the @domain.com, final result

Easy fix:  

chmod -r /usr/home

Now they can't see into /usr/home but they can chdir into it and into the
home directories as normal.  

> Now this server is also used to post home pages, so I cannot deny access to
> everybody, because they would like to be able to upload and download their
> files from their "/usr/home/userXX" directory.

Well, /usr/home/userxx/public_html/ if you set up the web server properly.

> Is there a way to keep a user in his home directory, where his html files
> are, and prevent him from going out of his home directory and wandering
> around? If this is not possible, at least deny him view (read) access to the
> home directory structure.

The Web server won't allow arbitrary access to the filesystem.  They
either go into your server_root or they go into ~user/public_html (in the
apache default setup).  If a user makes a link to /etc/passwd from a
personal homepage, then there isn't much you can do about that other than
remove read access to those files or directories. 

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
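
Added example, not part of the original message: a small shell check for the directory modes discussed in this reply (read bit removed from the parent of the home directories, mode 700 on a home directory). The temporary tree and the names user01/user02 are constructed stand-ins for /usr/home, and `chmod a-r` is used so the result does not depend on the umask.

```shell
#!/bin/sh
# Classify what "other" users may do with a directory, based on the mode
# string printed by ls -ld (works with both BSD and GNU ls).

# Print the nine permission characters, e.g. "rwxr-xr-x".
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Print one of: listable (r-x), search-only (--x), names-only (r--), closed (---).
other_access() {
    p=$(perm_string "$1") || return 1
    r=$(printf '%s' "$p" | cut -c7)   # "other" read bit
    x=$(printf '%s' "$p" | cut -c9)   # "other" search bit (t = sticky + search)
    case "$r$x" in
        rx|rt) echo listable ;;
        -x|-t) echo search-only ;;
        r*)    echo names-only ;;
        *)     echo closed ;;
    esac
}

# Constructed demo tree standing in for /usr/home.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/user01/public_html" "$root/home/user02"
    chmod 755 "$root/home" "$root/home/user01"
    chmod 700 "$root/home/user02"
    echo "before: home is $(other_access "$root/home")"
    chmod a-r "$root/home"   # what chmod -r does under a typical 022 umask
    echo "after:  home is $(other_access "$root/home")"
    # A path that is already known still resolves; enumeration does not
    # (root bypasses the check, so the listing line is skipped when run as root).
    ( cd "$root/home/user01/public_html" ) && echo "chdir by known name: ok"
    ls "$root/home" >/dev/null 2>&1 || echo "listing home: denied"
    echo "user01 is $(other_access "$root/home/user01")"
    echo "user02 is $(other_access "$root/home/user02")"
    chmod u+r "$root/home" && rm -rf "$root"
}

demo
```

Run against the real parent directory, `other_access /usr/home` should report search-only after the change, and any home directory that reports listable is still readable by other local users.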