Date: Thu, 27 Jan 2000 17:24:16 -0600 From: Dan Nelson <dnelson@emsphone.com> To: Emre <emre@iris.vsrc.uab.edu> Cc: freebsd-current@FreeBSD.ORG Subject: Re: .bash_history and permissions Message-ID: <20000127172415.A19202@dan.emsphone.com> In-Reply-To: <20000127155328.A32492@iris.vsrc.uab.edu>; from "Emre" on Thu Jan 27 15:53:28 GMT 2000 References: <20000127155328.A32492@iris.vsrc.uab.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jan 27), Emre said: > I'm running FreeBSD 4.0 from Dec. 26 1999. This should be on the "general > questions" malininglist, but I thought maybe there is something that changed > from -stable to -current that does this: > > I'm trying to limit permissions on .bash_history. There have been users > on my server that have linked .bash_history to /dev/null and then been > doing some cracking, and attacking other servers. To limit this (or at > least trying to control it) I tried to take out write permission for > group and others, thinking that will stop the users from trying to mod- > ify the file. That didn't work! Even if I did "chmod 000 .bash_history" > users still could delete the file or modify it. So I thought maybe if I > just change the group or the owner of the file, it would fix the problem > that didn't work either...now it wouldn't log the commands to the history > file anymore. Are you also running a modified bash that removes the HISTFILE and HISTFILESIZE environment variables, and have you also removed /bin/sh and all other shells that don't log commands (* NOTE: do not remove /bin/sh *) ? > So I was wondering, do any of you gurus and bofh know how to fix this? > This is very imporant for me, I'd be _very_ thankful if anyone could > help me fix this problem. > > (PS: In other's OSs i.e Solaris or Linsucks, changing the perms seemd > to work, just not in FreeBSD) Delete permission comes from the directory, not the file. No amount of chmod'ing the file will affect it. Under FreeBSD, you can run "chflags sappnd,sunlnk .bash_history" to make the file undeletable, append-only. Under other Unixes, the user can simply do a "cp /dev/null ~/.bash_history && kill -9 $$" to log out with no history file. -- Dan Nelson dnelson@emsphone.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000127172415.A19202>