[luau] restricting directory access
Jimen Ching
jching at flex.com
Sat Apr 27 03:12:41 PDT 2002
On Fri, 26 Apr 2002, Warren Togami wrote:
>Local users who have their passwords stolen. This is the greatest threat to
>most multi-user servers.
And yet, many systems do not need to jail their users. If such users
_need_ shell access, preventing them from accessing shell utilities is
equivalent to not providing shell access at all. The question is--what is
the point if all the user can do is 'ls'?
As for user's passwords getting stolen, there are tools to help prevent
this. I.e. mandatory password changes every few months, password
selection checkers, etc.
Like you said, you do not give your users ssh access because they do not
need it. The question is, does Rodney need to give his users ssh access?
If so, why? Would jailing them defeat the purpose of providing shell
access in the first place?
Maybe you haven't been on the receiving side of this. But I learned a lot
about Unix because I had a regular shell account. If I was jailed in my
home directory, I would not have learned as much. It all depends on your
goals.
--jc
--
Jimen Ching (WH6BRR) jching at flex.com wh6brr at uhm.ampr.org
More information about the LUAU
mailing list