You can go about this another way, with their group id. For example, the following files:

ls hawah* hedge* -al

-rw-rw-r--   1 root     robert         20 Jun 24 10:57 hawahian.email
-rw-r--r--   1 root     robert         24 Jun 29 23:59 hedges.phone

  ^  ^         ^          ^
  |  |         |          | 
  |  --------- | ---------------- Group  
   ------------| ---------------- Owner (user if you will)

Both are owned by user root, and root has read and write permission on both files, but the group id on the files, robert, allows write privileges on ONLY hawahian.email.

This concept can be extended further in practice. For example, everybody that you believe should have read/write access to /var/log/secure might be placed in group "Admins":

ADMINS:x:500:veronica,robert,steve,tom,fred,alica

then change the permissions and chmod /var/log/secure to something like

        chmod 660 /var/log/secure
        chown root:ADMINS /var/log/secure
        ls /var/log/secure -al

        -rw-rw----   1 root     ADMINS       811 Aug  2 04:13 /var/log/secure


Anybody outside of the ADMINS group (or root) should not be able to read/write this file.

chmod can also be used with letters if you wish, instead of numerically, i.e.

       chmod u+rw,g+rw,o-rwx /var/log/secure


Using groups is a much better solution IMO, as in your case, each user will be able to enter each other's private directory spaces and read, write and destroy :)  That in my opinion is a security hazard (if they can get into the system.. and there are more methods than just telnetting).




Robert Soros
[EMAIL PROTECTED]
http://soros.ath.cx

> Hi everyone once again ;)
> 
> I was wondering what would be the security risks if users that don't have
> any ssh/telnet/ftp, basically no interactive access to a machine, if they
> all used the same UID?
> 
> The useradd prog lets me use the same UID as long as the -o option is passed
> to it. Now I know if one does break in they would be able to read every
> shared UID's mail, anything else though really?
> 
> I tried this on a test box, sendmail and imap ( using pop3 daemon ) seem to
> behave nicely.
> 
> So really are there any real security risks as long as the users are kept out
> of the box?
> 
> Thanks again,
> Steven
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 


