Re: limitation of user a/c ( telnet service )

edwardspl@xxxxxxxxxx writes:

« HTML content follows »
Les wrote:
On Tue, 2007-02-06 at 23:06 +0800, <URL:mailto:edwardspl@xxxxxxxxxx>edwar dspl@xxxxxxxxxx wrote:
  

Dear All,

How can we limit a user a/c when telnet to the server :
eg :

[edward@svr1 ~]$ ls -l -a
total 36
drwx------ 3 edward edward 4096 Feb  6 22:51 .
drwxr-xr-x 5 root   root   4096 Feb  6 22:50 ..
-rw------- 1 edward edward   14 Feb  6 22:52 .bash_history
-rw-r--r-- 1 edward edward   24 Feb  6 22:50 .bash_logout
-rw-r--r-- 1 edward edward  176 Feb  6 22:50 .bash_profile
-rw-r--r-- 1 edward edward  124 Feb  6 22:50 .bashrc
drwxr-xr-x 3 edward edward 4096 Feb  6 22:50 .kde
-rw-r--r-- 1 edward edward  658 Feb  6 22:50 .zshrc
[edward@svr1 ~]$

Prevent user "edward" from doing the following :
modify / del the exiting files ( default by the system ).

Allow user "edward" create / del / modify other his own files / dirs.

Edward.
-- 
    
Have root create the files with root access, then put the world read and
execute privilege on them.  Only root can then modify them.

Regards,
Les H

  
But when user "edward" login to the server by the telnet service, then he can modify the dot file...

1) No, he can't. Not if the file is owned by root, with no other permissions.

2) If you allow telnet access, you have more problems to worry about. Such as anyone with access to your local network, or your Internet provider's network, being able to capture your login passwords.


Attachment: pgpSlDN5mWZ7P.pgp
Description: PGP signature

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: limitation of user a/c ( telnet service )
    ... But when user "edward" login to the server by the telnet service, ... If you allow telnet access, you have more problems to worry about. ... Such as anyone with access to your local network, ...
    (Fedora)
  • [NEWS] IBM Infoprint Remote Management DoS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... properly check user input, namely the login name. ... After the DoS condition has occurred, the Telnet service on the printer ... will continue accepting connections but will no longer display a login ...
    (Securiteam)
  • Re: IBM Infoprint Remote Management Simple DoS
    ... >has a DoS vulnerability. ... >properly check user input, namely the login name. ... and the Telnet service will refuse to allow ... >will continue accepting connections but will no longer display a login ...
    (Bugtraq)
  • Re: SYSTEM HANG - NATD running FINE
    ... natd for my local network. ... Natd still works fine and routes information ... the login - it just hangs there. ... to recover without rebooting. ...
    (freebsd-questions)
  • Users login configuration
    ... i have a freebsd server connected in local network behind a router. ... is there a way to configure the sshd to allow to login some users with their passwords only from the local network and to allow login other users only with key pairs from the internet? ...
    (freebsd-questions)