Les wrote:
On Wed, 2007-02-07 at 12:44 +0800, edwardspl@xxxxxxxxxx wrote:
Sam Varshavchik wrote:
edwardspl@xxxxxxxxxx writes:
蝡� HTML content follows 蝵�
Les wrote:
On嚙確ue,嚙�2007-02-06嚙窮t嚙�23:06嚙�
+0800,嚙�<URL:mailto:edwardspl@xxxxxxxxxx>edwar
dspl@xxxxxxxxxx嚙緩rote:
嚙踝蕭
Dear嚙璀ll,
How嚙箱an嚙緩e嚙締imit嚙窮嚙線ser嚙窮/c嚙緩hen嚙緣elnet嚙緣o嚙緣he嚙編erver嚙�:
eg嚙�:
[edward@svr1嚙羯]$嚙締s嚙�-l嚙�-a
total嚙�36
drwx------嚙�3嚙箴dward嚙箴dward嚙�4096嚙瘤eb嚙踝蕭6嚙�22:51嚙�.
drwxr-xr-x嚙�5嚙緝oot嚙踝蕭嚙緝oot嚙踝蕭嚙�4096嚙瘤eb嚙踝蕭6嚙�22:50嚙�..
-rw-------嚙�1嚙箴dward嚙箴dward嚙踝蕭嚙�14嚙瘤eb嚙踝蕭6嚙�22:52嚙�.bash_history
-rw-r--r--嚙�1嚙箴dward嚙箴dward嚙踝蕭嚙�24嚙瘤eb嚙踝蕭6嚙�22:50嚙�.bash_logout
-rw-r--r--嚙�1嚙箴dward嚙箴dward嚙踝蕭176嚙瘤eb嚙踝蕭6嚙�22:50嚙�.bash_profile
-rw-r--r--嚙�1嚙箴dward嚙箴dward嚙踝蕭124嚙瘤eb嚙踝蕭6嚙�22:50嚙�.bashrc
drwxr-xr-x嚙�3嚙箴dward嚙箴dward嚙�4096嚙瘤eb嚙踝蕭6嚙�22:50嚙�.kde
-rw-r--r--嚙�1嚙箴dward嚙箴dward嚙踝蕭658嚙瘤eb嚙踝蕭6嚙�22:50嚙�.zshrc
[edward@svr1嚙羯]$
Prevent嚙線ser嚙�"edward"嚙篆rom嚙範oing嚙緣he嚙篆ollowing嚙�:
modify嚙�/嚙範el嚙緣he嚙箴xiting嚙篆iles嚙�(嚙範efault嚙箭y嚙緣he嚙編ystem嚙�).
Allow嚙線ser嚙�"edward"嚙箱reate嚙�/嚙範el嚙�/嚙練odify嚙緻ther嚙篁is嚙緻wn嚙篆iles嚙�/嚙範irs.
Edward.
--嚙�
嚙踝蕭嚙踝蕭
Have嚙緝oot嚙箱reate嚙緣he嚙篆iles嚙緩ith嚙緝oot嚙窮ccess,嚙緣hen嚙緘ut嚙緣he嚙緩orld嚙緝ead嚙窮nd
execute嚙緘rivilege嚙緻n嚙緣hem.嚙踝蕭Only嚙緝oot嚙箱an嚙緣hen嚙練odify嚙緣hem.
Regards,
Les嚙瘡
嚙踝蕭
But when user "edward" login to the server by the telnet service,
then he can modify the dot file...
1) No, he can't. Not if the file is owned by root, with no other
permissions.
2) If you allow telnet access, you have more problems to worry
about. Such as anyone with access to your local network, or your
Internet provider's network, being able to capture your login
passwords.
For the point 1, user edward he can modify / delete the dot file....
--
Is user edward a superuser? If so, that will cause edward to be able to
change any file he wants, regardless of permissions or any other action
you may take.
Regards,
Les H
Hello to you,
User "edward" is a normal user account...
Edward.
|
