[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fw: [suse-security] sftp with no ssh login
> 1.- created a .bashrc fila with a logout on the first line for all users
> (Just one)
> 2.- Change shell to bash for all this users.
> 3.- chown root .bashrc
> 4.- chmod 555 .bashrc
> And there you go!
> Do you find a hole on that?
Yes ... user can still remove it, because he owns his home directory and
has therefore delete rights. You COULD set the permissions like in /tmp
(1755), but I ask myself, why you don't use scponly or rssh as shell, as I
suggested? They are designed for your purpose. No clumsy scripts and
Markus Gaugusch \ / ASCII Ribbon Campaign
markus(at)gaugusch.at X Against HTML Mail
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here