From owner-freebsd-current Thu Jan 27 15:24:23 2000
Delivered-To: freebsd-current@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by hub.freebsd.org (Postfix) with ESMTP id 7AF231586E for ; Thu, 27 Jan 2000 15:24:20 -0800 (PST) (envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost) by dan.emsphone.com (8.9.3/8.9.3) id RAA20910; Thu, 27 Jan 2000 17:24:16 -0600 (CST) (envelope-from dan)
Date: Thu, 27 Jan 2000 17:24:16 -0600
From: Dan Nelson
To: Emre
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: .bash_history and permissions
Message-ID: <20000127172415.A19202@dan.emsphone.com>
References: <20000127155328.A32492@iris.vsrc.uab.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <20000127155328.A32492@iris.vsrc.uab.edu>; from "Emre" on Thu Jan 27 15:53:28 GMT 2000
X-OS: FreeBSD 4.0-CURRENT
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In the last episode (Jan 27), Emre said:
> I'm running FreeBSD 4.0 from Dec. 26 1999. This should be on the "general
> questions" mailing list, but I thought maybe there is something that changed
> from -stable to -current that does this:
>
> I'm trying to limit permissions on .bash_history. There have been users
> on my server that have linked .bash_history to /dev/null and then been
> doing some cracking, and attacking other servers. To limit this (or at
> least trying to control it) I tried to take out write permission for
> group and others, thinking that will stop the users from trying to modify
> the file. That didn't work! Even if I did "chmod 000 .bash_history"
> users still could delete the file or modify it. So I thought maybe if I
> just change the group or the owner of the file, it would fix the problem
> that didn't work either...now it wouldn't log the commands to the history
> file anymore.

Are you also running a modified bash that removes the HISTFILE and
HISTFILESIZE environment variables, and have you also removed /bin/sh
and all other shells that don't log commands (* NOTE: do not remove
/bin/sh *)?

> So I was wondering, do any of you gurus and bofh know how to fix this?
> This is very important for me, I'd be _very_ thankful if anyone could
> help me fix this problem.
>
> (PS: In other OSs, i.e. Solaris or Linsucks, changing the perms seemed
> to work, just not in FreeBSD)

Delete permission comes from the directory, not the file. No amount of
chmod'ing the file will affect it. Under FreeBSD, you can run "chflags
sappnd,sunlnk .bash_history" to make the file undeletable, append-only.
Under other Unixes, the user can simply do a "cp /dev/null
~/.bash_history && kill -9 $$" to log out with no history file.

--
	Dan Nelson
	dnelson@emsphone.com
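
The directory-versus-file permission point from the reply above, as an added example that is not part of the original message. It checks whether a file can be unlinked under different file and directory modes; the sandbox paths and the `delete_check` and `report` helpers are constructed for illustration, and the FreeBSD `chflags` step from the reply is only mentioned in a comment because it needs root on FreeBSD.

```shell
#!/bin/sh
# Added example: unlink permission is decided by the directory mode,
# not by the mode of the file being removed.
# All paths are throwaway temp directories (constructed sample data).

# delete_check FILE_MODE DIR_MODE -> prints "deleted" or "kept"
delete_check() {
    file_mode=$1
    dir_mode=$2
    sandbox=$(mktemp -d) || return 1
    home="$sandbox/home"              # stands in for a user's home directory
    mkdir "$home"
    echo "ls -l" > "$home/.bash_history"
    chmod "$file_mode" "$home/.bash_history"
    chmod "$dir_mode" "$home"

    # unlink(2) needs write+search permission on the directory;
    # the file's own mode bits are never consulted.
    rm -f "$home/.bash_history" 2>/dev/null || true

    chmod 700 "$home"                 # restore so we can inspect and clean up
    if [ -e "$home/.bash_history" ]; then
        result=kept
    else
        result=deleted
    fi
    rm -rf "$sandbox"
    echo "$result"
}

# Walk the combinations. When run as root, directory permissions are
# bypassed and every row reports "deleted"; that is why the reply reaches
# for file flags (chflags sappnd,sunlnk on FreeBSD) instead of modes.
report() {
    for pair in "000 700" "600 500" "000 500"; do
        set -- $pair
        printf 'file=%s dir=%s -> %s\n' "$1" "$2" "$(delete_check "$1" "$2")"
    done
}

report
```

Run as an unprivileged user, the first row shows a mode 000 file being removed from a directory its owner can write to, while the rows with a non-writable directory keep the file regardless of its own mode.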