[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: [suse-security] sftp with no ssh login



> 1.- created a .bashrc fila with a logout on the first line for all users
> (Just one)
> 2.- Change shell to bash for all this users.
> 3.- chown root .bashrc
> 4.- chmod 555 .bashrc
> 
> And there you go!
> 
> Do you find a hole on that?
Yes ... user can still remove it, because he owns his home directory and
has therefore delete rights. You COULD set the permissions like in /tmp
(1755), but I ask myself, why you don't use scponly or rssh as shell, as I
suggested? They are designed for your purpose. No clumsy scripts and
permissions necessary!

Markus
-- 
__________________    /"\ 
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at  X     Against HTML Mail
                      / \

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here