Date: Sat, 1 Jun 1996 08:18:12 -0600
From: Sean Kelly <kelly@fsl.noaa.gov>
To: dbabler@Rigel.orionsys.com
Cc: questions@freebsd.org
Subject: Re: Limiting access
Message-ID: <199606011418.OAA26468@gatekeeper.fsl.noaa.gov>
In-Reply-To: <Pine.BSF.3.91.960531170148.29128C-100000@Rigel.orionsys.com> (message from David Babler on Fri, 31 May 1996 17:09:24 -0700 (PDT))

>>>>> "David" == David Babler <dbabler@Rigel.orionsys.com> writes:

David> I assume the real problem would be if a user just deleted
David> the stock .rhosts in their directory and replaced it with
David> one of their own, thus making that a trusted system. I
David> believe if I change permissions so they can't delete the
David> file, I'm okay, yes?

Yes, but that would mean changing owners on users' home directories.
To prevent users from removing the .rhosts file, you'd have to make
sure they didn't own their own home directories. And since they
didn't own them, they couldn't create any new files or subdirectories
unless you gave them appropriate permissions---and then they'd be able
to remove and create a new .rhosts file. (But some clever combination
of owner, mode, and sticky bit might work.)

Probably the right answer is to use the /etc/login.access file.
See login.access(5) and the sample, commented-out entries in
/etc/login.access.

--
Sean Kelly
NOAA Forecast Systems Laboratory kelly@fsl.noaa.gov
Boulder Colorado USA http://www-sdd.fsl.noaa.gov/~kelly/
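
Added example, not part of the original message: a small Python model of the classic Unix rule the reply relies on, namely that removing or renaming a file is decided by the permissions of the containing directory, and that the sticky bit further restricts it to the owner of the file or of the directory. The uid/gid values, the layout names and the helper names are constructed for illustration.

```python
import stat
from collections import namedtuple

# Constructed stand-in for the os.stat() fields the check needs.
Entry = namedtuple("Entry", "uid gid mode")

def _allowed(entry, uid, gids, want):
    """Classic Unix check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True
    if uid == entry.uid:
        shift = 6
    elif entry.gid in gids:
        shift = 3
    else:
        shift = 0
    return (entry.mode >> shift) & want == want

def can_create_in(home, uid, gids):
    """Creating a file needs write and search (w+x) on the directory."""
    return _allowed(home, uid, gids, 0o3)

def can_replace(home, rhosts, uid, gids):
    """Unlink/rename is decided by the directory, not the file's own mode.
    In a sticky directory the caller must also own the file or the directory."""
    if uid == 0:
        return True
    if not _allowed(home, uid, gids, 0o3):
        return False
    if home.mode & stat.S_ISVTX:
        return uid in (rhosts.uid, home.uid)
    return True

# Constructed layouts for a hypothetical user with uid 1001, gid 1001.
USER, GIDS = 1001, {1001}
ROOT_RHOSTS = Entry(0, 0, 0o444)   # root-owned, read-only .rhosts
LAYOUTS = {
    "user-owned home": Entry(1001, 1001, 0o755),
    "root-owned 0755": Entry(0, 0, 0o755),
    "root-owned, group 0775": Entry(0, 1001, 0o775),
    "root-owned, sticky 1775": Entry(0, 1001, 0o1775),
}

def audit():
    """Map layout name -> (user can create files, user can replace .rhosts)."""
    return {name: (can_create_in(h, USER, GIDS),
                   can_replace(h, ROOT_RHOSTS, USER, GIDS))
            for name, h in LAYOUTS.items()}
```

Only the owner/group/other bits and the sticky bit are modelled; ACLs and other platform-specific controls are outside this sketch.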
