Date: Tue, 12 Oct 1999 18:47:41 -0600 From: "Ryan Thompson [FreeBSD]" <freebsd@sasknow.com> To: freebsd-isp@freebsd.org Subject: Re: Chroot and ~/bin, ~/etc. Better way? Message-ID: <3803D6AD.F9452825@sasknow.com>
next in thread | raw e-mail | index | archive | help
Hi, Greg Greg W wrote: > > Hi > > went to your FTP looking for this, but could not find it...... I just checked it from a remote machine... Works fine. You should be able to grab it. The location again (anonymous login) is: ftp.sasknow.com/pub/perl/makehome.pl (8753 bytes) > Is there a problem copying all files in /bin /lib to each users dir ? You mean copying ALL files from your system /bin directory, for example? I suppose there is no "yes or no" answer to this question... It all depends on how much access you want to provide your users. If you're considering this, I urge you to have a close look at what you have in your /bin directory and understand exactly what it is you are allowing users to do. For the most part, if you have set permissions correctly on files they have access to, your users can't get into a lot of trouble with the files in /bin... HOWEVER, they still have access to cp, rm, ps, kill, (c)sh, and so on. ps -ax allows a user to see all currently running processes. (Possibly pointing to security holes in your implementation). If a user has write access to any directory (public_html for example), cp and mkdir can fill up a filesystem pretty fast if you haven't set a quota for the user.. A cleverly (or not so cleverly!) designed loop in a shell script could bring the average system to its knees... Basically, use your head. Be careful of permissions. If users don't need access to a program, don't give it to them. Make sure you know exactly what you are enabling. > I figure if they start playin round I will know pretty quick cause they will > be complaining of no FTP.... chown root:wheel * chmod 755 * ... Ensures they won't be deleting any binaries by accident. :-) Read the manpage for ftpd very carefully; if you follow the basic outline specified there, you should be ok. > > I am interested in the script though It ought to be there... If you are really having problems connecting, I can send it via email... But you shouldn't have any problems connecting :-) Virtually yours, - Ryan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3803D6AD.F9452825>