Date: Tue, 2 Apr 2002 11:27:47 +0400 From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru> To: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org> Cc: Hostmaster@Video2Video.Com, security@FreeBSD.ORG Subject: Re[2]: Stop usage of 'who'? [doing things the hard way] Message-ID: <9974775811.20020402112747@internethelp.ru> In-Reply-To: <1907.213.112.58.125.1017731788.squirrel@phucking.kicks-ass.org> References: <20020402005030.D5931-100000@earl-grey.cloud9.net> <1907.213.112.58.125.1017731788.squirrel@phucking.kicks-ass.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Jesper, Tuesday, April 02, 2002, 11:16:28 AM, you wrote: >> On Tue, 2 Apr 2002, Jesper Wallin wrote: >>> Hey.. This night I was taking a look at the local security and decided >>> to make this system more like a it was a huge wall between all the >>> users.. The first thing I wanted to do was to limit the access to top >>> and ps.. This was done >> >> Did you want to limit the access to the top and ps binaries (type `man >> chmod ; man chgrp`) or limit the information these binaries display? >> JW> eeeh?! How can that help me out? They just need to copy thier own bins from JW> thier own system then? AFAIK top must be sgid kmem to run. and, as somebody had already mentioned, ps can be restricted with kern.ps_showallprocs=0. >>> users.. I guess it must be able to change somewhere in the proc dir >>> instead of changing the permissons on all the executables.. >> >> What? >> JW> What i ment was the log files.. sorry about that.. Just chmod the JW> executables (optional) and change /var/run/utmp.. if you want to disable JW> last(1) and lastlogin too, just simply chmod the /var/log/wtmp and JW> /var/log/lastlog. >>> Another thing I want to do (if it's possible) is to add a default >>> quota.. >> >> I love when people ask if something is possible! Ahem, this is >> FreeBSD?! >> JW> I know! I know! :) and it really owns! :) >>> like, all new users who's being added will have about 500Mb of disk >>> space.. >> >> In the /etc/rc.conf file >> enable_quotas="NO" # turn on quotas on startup (or NO). >> check_quotas="NO" # Check quotas on startup (or NO). >> accounting_enable="YES" # Turn on process accounting (or NO). >> >> Change the first two to "YES" and also check out `man quota` for info. >> JW> I didn't mean that, I ment, when I add a user, the files in /usr/share/skel JW> will be copied to the users home dir. I want his/her quota to be changed at JW> the same time so I don't need to change it manually.. use quota for group "lusers" ? man quota |grep -2 -e "-g" man login.conf >>> Jesper aka Z3l3zT >> >> What's a "zelezt?" >> JW> I lame computer geek who's too lazy to rtfm at 09:16AM with not an minute of JW> sleep? ;) >> -- >> Peter Leftwich >> President & Founder >> Video2Video Services >> Box 13692, La Jolla, CA, 92039 USA >> +1-413-403-9555 JW> //Jesper aka Z3l3zT JW> To Unsubscribe: send mail to majordomo@FreeBSD.org JW> with "unsubscribe freebsd-security" in the body of the message ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9974775811.20020402112747>