|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Devdas Bhagat (dvb_at_users.sourceforge.net)
Date: Sat Dec 21 2002 - 11:25:25 CST
On 20/12/02 22:52 +0100, Christian Hammers wrote:
<snip>
> I'm wondering why I would want that - until now nobody could give me a
> good argument although everybody learns to remove the shells :-(
>
> * If I give my users a disabled password, they cannot¹ login via passwd
> based ssh/ftp/pop3 etc.
Keys. ssh-keygen.
> * But, on the other hand, I can have a
> su news -c /usr/local/script_running_as_user_news.sh
su - news -s /bin/sh -c "/path/to/script taking arguments"
> Any hints?
Administrators have to close all holes, crackers need just one.
Why leave something that might be misused?
After all, hardening a box involves restricting what can be done by what
users.
Devdas Bhagat
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]