Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Devdas Bhagat (dvb_at_users.sourceforge.net)
Date: Sat Dec 21 2002 - 11:25:25 CST
On 20/12/02 22:52 +0100, Christian Hammers wrote:
> I'm wondering why I would want that - until now nobody could give me a
> good argument although everybody learns to remove the shells :-(
> * If I give my users a disabled password, they cannot¹ login via passwd
> based ssh/ftp/pop3 etc.
> * But, on the other hand, I can have a
> su news -c /usr/local/script_running_as_user_news.sh
su - news -s /bin/sh -c "/path/to/script taking arguments"
> Any hints?
Administrators have to close all holes, crackers need just one.
Why leave something that might be misused?
After all, hardening a box involves restricting what can be done by what