Bugtraq mailing list archives
Re: /etc/shells (was Re: procmail)
From: abauer () gw jmpstart com (Adam Bauer)
Date: Thu, 8 Aug 1996 15:21:18 -0400
At 09:47 AM 8/8/96 -0400, der Mouse wrote:
I can see only two solutions. One would be to make each service maintain its own list of users that are forbidden (or, alternatively, allowed); the other would be to extend the passwd database (or, equivalently, maintain a parallel database) so as to allow tagging each user with arbitrary flags like "ftp access allowed" or "mail forward to pipe forbidden".
I like the parallel database idea. That way it's not in /etc/passwd, which in non-shadow-password machines is world-readable. Only suid root programs can read who has what access - access information is 'on a need to know basis'.

How about /etc/access? (or /etc/useraccess?)

--------------
username:comment:ftp:use_dot_files:shell:chroot:etc:etc
--------------
username, comment   self explanatory
ftp                 boolean - can user ftp to home directory?
use_dot_files       boolean - should programs use user's dotfiles? (like .forward, .profile, etc)
shell               boolean - can user obtain an interactive login shell?
chroot              boolean - should user be chrooted to his home directory? (for the super-paranoid)
etc                 programs should allow extra fields and ignore them, for future expansion
--------------

use_dot_files can prevent many, many hacks. Giving users interactive logins without the ability to screw up .rhosts, .forward, .profile, .xauth, etc would be great.

With shell, either the user can get in (command prompt), or he can't. If the user tries to get in, disable his account, and make him call tech support.

Any other fields?

Now just convince everybody to use this.. <grin>

- Adam Bauer
abauer () jmpstart com
JumpStart Systems
Computer and Network Administrator
http://www.jmpstart.com
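The record format proposed in the message above, parsed the way a service consulting it might: this is an added example, not part of the original post and not code from any existing system. It assumes booleans are written as "1" and "0" (the post only says "boolean"), and it chooses to fail closed: a missing or unrecognized flag denies the permission and keeps the chroot restriction on. The struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

struct access_entry { char user[32]; int ftp, use_dot_files, shell, chroot_home; };

/* Assumed encoding (the post only says "boolean"): "1" grants, all else denies. */
static int flag_on(const char *f) { return f != NULL && strcmp(f, "1") == 0; }

/* Parse one record into *e. Returns 0, or -1 if the line is unusable. */
int parse_access_line(const char *line, struct access_entry *e)
{
    char buf[256], *field[6] = {0}, *p = buf;
    size_t n = strlen(line);
    int i;

    if (n >= sizeof buf) return -1;
    memcpy(buf, line, n + 1);
    buf[strcspn(buf, "\n")] = '\0';
    /* Split by hand: strtok() would collapse an empty comment field and
       shift every flag one column to the left. */
    for (i = 0; i < 6 && p != NULL; i++) {
        field[i] = p;
        if ((p = strchr(p, ':')) != NULL) *p++ = '\0';
    }
    /* Anything after the sixth field is ignored, for future expansion. */
    if (field[0][0] == '\0' || strlen(field[0]) >= sizeof e->user) return -1;
    strcpy(e->user, field[0]);
    e->ftp = flag_on(field[2]);
    e->use_dot_files = flag_on(field[3]);
    e->shell = flag_on(field[4]);
    /* chroot is a restriction, so a missing field keeps it on. */
    e->chroot_home = !(field[5] != NULL && strcmp(field[5], "0") == 0);
    return 0;
}

/* Constructed sample records, not taken from any real system. */
static const char *SAMPLE[] = {
    "alice:staff:1:1:1:0",
    "bob::1:0:0:1:future_field",   /* empty comment, extra field */
    "carol:truncated:1",           /* flags missing: denied, chrooted */
};

int main(void)
{
    struct access_entry e;
    size_t i;
    for (i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        if (parse_access_line(SAMPLE[i], &e) == 0)
            printf("%-6s ftp=%d dot=%d shell=%d chroot=%d\n", e.user,
                   e.ftp, e.use_dot_files, e.shell, e.chroot_home);
    return 0;
}
```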