From owner-freebsd-security Mon Apr 1 23:28:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from gamma.star.spb.ru (gamma.star.spb.ru [217.195.79.1]) by hub.freebsd.org (Postfix) with ESMTP id 21ABA37B416 for ; Mon, 1 Apr 2002 23:28:04 -0800 (PST) Received: from green.star.spb.ru (green.star.spb.ru [217.195.79.10]) by gamma.star.spb.ru (8.9.3/8.9.3) with ESMTP id LAA25607; Tue, 2 Apr 2002 11:27:53 +0400 (MSD) Received: from IBMKA.star.spb.ru (217.195.79.241 [217.195.79.241]) by green.star.spb.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id GY0AJ19X; Tue, 2 Apr 2002 11:27:37 +0400 Date: Tue, 2 Apr 2002 11:27:47 +0400 From: "Nickolay A. Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A.Kritsky" X-Priority: 3 (Normal) Message-ID: <9974775811.20020402112747@internethelp.ru> To: "Jesper Wallin" Cc: Hostmaster@Video2Video.Com, security@FreeBSD.ORG Subject: Re[2]: Stop usage of 'who'? [doing things the hard way] In-reply-To: <1907.213.112.58.125.1017731788.squirrel@phucking.kicks-ass.org> References: <20020402005030.D5931-100000@earl-grey.cloud9.net> <1907.213.112.58.125.1017731788.squirrel@phucking.kicks-ass.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Jesper, Tuesday, April 02, 2002, 11:16:28 AM, you wrote: >> On Tue, 2 Apr 2002, Jesper Wallin wrote: >>> Hey.. This night I was taking a look at the local security and decided >>> to make this system more like a it was a huge wall between all the >>> users.. The first thing I wanted to do was to limit the access to top >>> and ps.. This was done >> >> Did you want to limit the access to the top and ps binaries (type `man >> chmod ; man chgrp`) or limit the information these binaries display? >> JW> eeeh?! How can that help me out? They just need to copy thier own bins from JW> thier own system then? AFAIK top must be sgid kmem to run. and, as somebody had already mentioned, ps can be restricted with kern.ps_showallprocs=0. >>> users.. I guess it must be able to change somewhere in the proc dir >>> instead of changing the permissons on all the executables.. >> >> What? >> JW> What i ment was the log files.. sorry about that.. Just chmod the JW> executables (optional) and change /var/run/utmp.. if you want to disable JW> last(1) and lastlogin too, just simply chmod the /var/log/wtmp and JW> /var/log/lastlog. >>> Another thing I want to do (if it's possible) is to add a default >>> quota.. >> >> I love when people ask if something is possible! Ahem, this is >> FreeBSD?! >> JW> I know! I know! :) and it really owns! :) >>> like, all new users who's being added will have about 500Mb of disk >>> space.. >> >> In the /etc/rc.conf file >> enable_quotas="NO" # turn on quotas on startup (or NO). >> check_quotas="NO" # Check quotas on startup (or NO). >> accounting_enable="YES" # Turn on process accounting (or NO). >> >> Change the first two to "YES" and also check out `man quota` for info. >> JW> I didn't mean that, I ment, when I add a user, the files in /usr/share/skel JW> will be copied to the users home dir. I want his/her quota to be changed at JW> the same time so I don't need to change it manually.. use quota for group "lusers" ? man quota |grep -2 -e "-g" man login.conf >>> Jesper aka Z3l3zT >> >> What's a "zelezt?" >> JW> I lame computer geek who's too lazy to rtfm at 09:16AM with not an minute of JW> sleep? ;) >> -- >> Peter Leftwich >> President & Founder >> Video2Video Services >> Box 13692, La Jolla, CA, 92039 USA >> +1-413-403-9555 JW> //Jesper aka Z3l3zT JW> To Unsubscribe: send mail to majordomo@FreeBSD.org JW> with "unsubscribe freebsd-security" in the body of the message ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message