On Tue, Mar 28, 2000 at 02:47:57PM +0200, Christian Surchi wrote:
> On Mon, Mar 27, 2000 at 05:34:45PM -0900, Ethan Benson wrote:
> > read the rest of my message! yes i am familier with it, its fine for
> > *nix users and for the paranoid on lessor OSes, but when it comes to
> > telling *users* of
On Mon, Mar 27, 2000 at 05:34:45PM -0900, Ethan Benson wrote:
> read the rest of my message! yes i am familier with it, its fine for
> *nix users and for the paranoid on lessor OSes, but when it comes to
> telling *users* of say MacOS to give up thier pretty GUI drag and
> drop, point and drool ft
On Mon, Mar 27, 2000 at 02:56:57PM -0500, John F. Davis wrote:
> On Mon, Mar 27, 2000 at 12:42:24PM -0600, Matthew W. Roberts wrote:
> > > > as far as i have been able to find,
> > > > there is no suitable, secure, replacement for ftp (why!?!?!)
>
> Are you familiar with scp? I use putty's pscp f
On Mon, Mar 27, 2000 at 12:42:24PM -0600, Matthew W. Roberts wrote:
> > > as far as i have been able to find,
> > > there is no suitable, secure, replacement for ftp (why!?!?!)
Are you familiar with scp? I use putty's pscp for scp transfers between
windows and linux. You ought to try it. It roc
> > as far as i have been able to find,
> > there is no suitable, secure, replacement for ftp (why!?!?!)
>
> Ask Bill...
Gates or Clinton?
Seminary
On Sun, 26 Mar 2000, Pollywog wrote:
> Date: Sun, 26 Mar 2000 20:20:15 - (UTC)
> From: Pollywog <[EMAIL PROTECTED]>
> To: debian-user list
> Subject: Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
>
> On 26-Mar-2000 19:16:30 Ernes
> > You can tell proftpd to allow logins without a valid shell. It can also
> > set a default root directory for users so they can't see anything above
> > that point.
>
> Is this what is called "chroot"?
it's technically not a chroot jail since in a chroot jail even the daemon
can't get outside
On 26-Mar-2000 19:16:30 Ernest Johanson wrote:
> You can tell proftpd to allow logins without a valid shell. It can also
> set a default root directory for users so they can't see anything above
> that point.
Is this what is called "chroot"?
--
Andrew
2000 17:51:06 -0900 (AKST)
> From: Adam Shand <[EMAIL PROTECTED]>
> To: Damon Muller <[EMAIL PROTECTED]>
> Cc: debian-user@lists.debian.org, recipient list not shown: ;
> Subject: Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
>
> > I wa
On Sat, Mar 25, 2000 at 05:51:06PM -0900, Adam Shand wrote:
> i'm not sure what you're options are for samba as i haven't used it for a
> long time ...
>
> for ssh you have two ways. give them a shell which is useless (/bin/false
> or /bin/true or make your own, eg. /usr/local/bin/nossh). then
> I want to have easy freedom in limiting user access. I have killed
> telnetd, and only sshd. I want to allow some users access through ssh,
> some through ftpd, and some through samba. How can I turn off user
> access through ssh, but keep their account, and allow them access
&
On Sat, Mar 25, 2000 at 05:46:00PM +1100, Damon Muller wrote:
> Quoth Percival,
> > I want to have easy freedom in limiting user access. I have killed
> > telnetd, and only sshd. I want to allow some users access through
> > ssh, some through ftpd, and some through samba
Quoth Percival,
> I want to have easy freedom in limiting user access. I have killed
> telnetd, and only sshd. I want to allow some users access through
> ssh, some through ftpd, and some through samba. How can I turn off
> user access through ssh, but keep their account, and allow
On Fri, Mar 24, 2000 at 06:59:35PM -0900, Ethan Benson wrote:
> this is a very good point, but as far as i have been able to find,
> there is no suitable, secure, replacement for ftp (why!?!?!)
> 2) use ssh to tunnel the ftp connection. I may be doing something
> wrong but i have never managed t
On Sat, Mar 25, 2000 at 11:38:38AM +0100, FIOL BONNIN Antonio wrote:
> I believe that a chroot'ed ftp may work well for you, as long as you do
> not allow ssh users to log in the ftp, nor the ftp users log in the ssh.
for ftp only yes chroot works quite well. its when you combine shell
access an
On Fri, 24 Mar 2000, Ethan Benson wrote:
> On Fri, Mar 24, 2000 at 09:31:25PM +0100, Antonio Fiol Bonnín wrote:
> >
> > > I want to have easy freedom in limiting user access. I have killed
> > > telnetd, and only sshd. I want to allow some users access through ssh,
&
On Fri, Mar 24, 2000 at 09:31:25PM +0100, Antonio Fiol Bonnín wrote:
>
> > I want to have easy freedom in limiting user access. I have killed
> > telnetd, and only sshd. I want to allow some users access through ssh,
> > some through ftpd, and some through samba. Ho
> secure box.
>
> I want to have easy freedom in limiting user access. I have killed telnetd,
> and only sshd. I want to allow some users access through ssh, some through
> ftpd, and some through samba. How can I turn off user access through ssh,
> but keep their acc
> I want to have easy freedom in limiting user access. I have killed
> telnetd, and only sshd. I want to allow some users access through ssh,
> some through ftpd, and some through samba. How can I turn off user
> access through ssh, but keep their account, and allow them access
&
I run a domain and host websites for myself and some friends. I am trying to
learn all about linux/system administration/security and I want to run a
responsible host as I have 24/7 Internet through a DSL. I try to run a secure
box.
I want to have easy freedom in limiting user access. I
Carey Evans <[EMAIL PROTECTED]> writes:
> Put /var/tmp on a different partition than /var (and /tmp on a
> different partition than /). This also stops them from keeping huge
> files in /var/tmp where the news spool, mail spool and logs are.
Of course, if you're being this paranoid, you should p
(Back to just debian-user; no discussions of policy in my message.)
Anthony Towns writes:
> But what about /var? /var/tmp should be world writable (albeit sticky)
> according to the FSSTND, but at least a couple of packages use /var
> for executable files, notably dpkg (/var/lib/dpkg/info/*), an
Anthony Towns wrote:
> according to the FSSTND, but at least a couple of packages use /var
> for executable files, notably dpkg (/var/lib/dpkg/info/*), and the
> distributed-net client (/var/lib/distributed-net/distributed-net).
>
> BTW, if /var was noexec, it remains possible to have something li
(sent to both debian-user and debian-policy, please be careful with
replies)
Nathan E Norman <[EMAIL PROTECTED]> writes:
> On Thu, 12 Feb 1998, Paul Miller wrote:
> : hmm... how would that stop users from running programs they copied onto my
> : server?
> Mount the /home partition noexec. In f
On Thu, 12 Feb 1998, Paul Miller wrote:
:
: hmm... how would that stop users from running programs they copied onto my
: server?
Mount the /home partition noexec. In fact, make sure any user writable
partition is mounted noexec. If your users can copy files to /usr, then
you've got a fairly b
hmm... how would that stop users from running programs they copied onto my
server?
If they can't copy them, how will they run them? Disable ftpd and
don't give them access to very many commands (not cc or ftp or chmod,
certainly) and they can't copy anything or create anything runnable,
th
On Thu, 12 Feb 1998, Paul Miller wrote:
> hmm... how would that stop users from running programs they copied onto my
> server?
chmod, perl and tar connot be directly used to make the copied/uploaded
files executable... since the files in /bin, /sbin, /usr/sbin, and
/usr/bin are owned by say, ro
hmm... how would that stop users from running programs they copied onto my
server?
On Thu, 12 Feb 1998, A. M. Varon wrote:
> On Wed, 11 Feb 1998, Paul Miller wrote:
>
> > Is there any way to do this for only certain groups?
>
> what I do is chmod 550 and chown root.staff the /bin, /sbin, /u
On Wed, 11 Feb 1998, Paul Miller wrote:
> Is there any way to do this for only certain groups?
what I do is chmod 550 and chown root.staff the /bin, /sbin, /usr/sbin,
and /usr/bin etc.
Where the group staff could be you. All others connot access the binaries
or whatever.
regards,
== =
> > > Is it possible to restrict user access so users can not execute any
> > > programs? (programs which they copied on to my system). - FreeBSD can do
> > > this sort of thing
> > Mount the user writable areas with the noexec option. Probably want to
> > put it in the /etc/fstab.
> Is there
Is there any way to do this for only certain groups?
-Paul
On Wed, 11 Feb 1998 [EMAIL PROTECTED] wrote:
> On Wed, 11 Feb 1998, Paul Miller wrote:
>
> > Is it possible to restrict user access so users can not execute any
> > programs? (programs which they copied on to my system). - FreeBSD can
On Wed, 11 Feb 1998, Paul Miller wrote:
> Is it possible to restrict user access so users can not execute any
> programs? (programs which they copied on to my system). - FreeBSD can do
> this sort of thing
Mount the user writable areas with the noexec option. Probably want to
put it in the /et
Is it possible to restrict user access so users can not execute any
programs? (programs which they copied on to my system). - FreeBSD can do
this sort of thing
---
Paul Miller <[EMAIL PROTECTED]>, finger for public PGP key
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe"
33 matches
Mail list logo
