On Thu, 12 Feb 1998, Paul Miller wrote: : : hmm... how would that stop users from running programs they copied onto my : server?
Mount the /home partition noexec. In fact, make sure any user writable partition is mounted noexec. If your users can copy files to /usr, then you've got a fairly big problem. Note that this doesn't keep the user from running shell scripts, or perl scripts, or any other interpreted scripts, unless you limit access to interpreters (including shells). Of course, you could mount the /home directory read-only, but that limits its utility. In other words, it requires a lot of planning and work. If you have users you don't trust that much, why are you giving them shell access in the first place? : : On Thu, 12 Feb 1998, A. M. Varon wrote: : : > On Wed, 11 Feb 1998, Paul Miller wrote: : > : > > Is there any way to do this for only certain groups? : > : > what I do is chmod 550 and chown root.staff the /bin, /sbin, /usr/sbin, : > and /usr/bin etc. : > : > Where the group staff could be you. All others connot access the binaries : > or whatever. : > : > regards, : > : > == ========== Andre M. Varon Lasaltech Incorporated : > == == ==== Technical Head Fax-Tel: (034)435-0836 : > == ===== == : > == == == E-mail : [EMAIL PROTECTED] : > ======== == WebPage : www.lasaltech.com/andre.html : > : > : : : -- : TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to : [EMAIL PROTECTED] . : Trouble? e-mail to [EMAIL PROTECTED] . : : -- Nathan Norman MidcoNet - 410 South Phillips Avenue - Sioux Falls, SD 57104 phone: (605) 334-4454 fax: (605) 335-1173 mailto://[EMAIL PROTECTED] http://www.midco.net PGP Key ID: 0xA33B86E9 - Public key available at keyservers PGP Key fingerprint: CE03 10AF 3281 1858 9D32 C2AB 936D C472 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
