From: Mark Murray
To: "Alex Ayala"
cc: freebsd-current@freebsd.org
Subject: Re: Email accounts on FreeBSD 5.1-RELEASE
Date: Fri, 20 Jun 2003 22:47:35 +0100
Message-Id: <200306202147.h5KLlZHh043626@grimreaper.grondar.org>
In-Reply-To: Your message of "Fri, 20 Jun 2003 17:16:11 EDT."

"Alex Ayala" writes:
> Ok, maybe...yes I read what I wrote and didn't quite explain what I really
> wanted to say.
>
> I want to set up accounts on my box so users can retrieve emails by accessing
> my pop server. Do I need to set up user accounts on my box with the "adduser"
> command? I don't want them to be able to have access to the shell by any
> means. It's like when I wanted to give someone access to my ftp server I just
> created an account and took out the shell part in the passwd file. Sorry my
> English is not the greatest. Trying to explain something and can't find the
> right words.
>
> Is that a bit better to understand?

Sort of. But you need to understand how to specify and set up a secure
system.

What is your threat model? What resources are your (ab)users most
likely to throw at you, and what are the consequences if they succeed?
How much can you afford to spend to prevent this compared with what you
guess they are prepared to spend to attack you?

Only you can answer these questions.

Once you know the comprehensive answer to these questions, you know
what to ask of the software and hardware you investigate to perform
the task.

While you are asking the questions, _experiment_ with what you have,
and look for real-life holes in your setup. Try to think like the
attacker you are trying to thwart. Attack yourself. Get paranoid.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
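
Added example, not part of the original message: one way to "look for real-life holes" in the setup the question describes is to check which mail-only accounts can still obtain a shell. Per passwd(5), an empty shell field means /bin/sh is assumed. The function names, the UID cutoff of 1000, the account names and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# audit_shells PASSWD_FILE SHELLS_FILE [MIN_UID]
# Lists accounts at or above MIN_UID (assumed default 1000) that can still
# obtain an interactive shell.
audit_shells() {
    awk -F: -v min_uid="${3:-1000}" '
        # First file: valid login shells, shells(5) format.
        NR == FNR {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") valid[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }       # comments and malformed lines
        $3 + 0 < min_uid { next }     # system accounts are out of scope here
        $NF == ""      { print $1 ": empty shell field, defaults to /bin/sh"; next }
        ($NF in valid) { print $1 ": login shell " $NF }
    ' "$2" "$1"
}

# Constructed sample data; on a real host pass /etc/passwd and /etc/shells.
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
# constructed sample, passwd(5) format
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
popuser1:*:1002:1002:POP only:/nonexistent:/sbin/nologin
popuser2:*:1003:1003:POP only:/nonexistent:
EOF
    cat > "$dir/shells" <<'EOF'
# constructed sample, shells(5) format
/bin/sh
/bin/csh
EOF
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

sample_run
```

In the sample, `popuser2` is reported because its shell field was blanked rather than set to a non-login program such as `/sbin/nologin`.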