Toolbox functions from non-console terminals
Barnacle Wes
wes at obie.UUCP
Tue Jul 26 10:44:20 AEST 1988
In article <4230 at saturn.ucsc.edu>, matthew at ucscb.UCSC.EDU (73550000) writes:
> Unfortunately, toolbox-based programs are runnable by anyone who is
> logged in. This can cause problems if I am trying to use the Mac
> monitor/keyboard as the console terminal. If some other user runs
> /usr/toolboxbin/term,... I get a terminal window for THEIR account on
> MY screen.
Actually, there are several things you can do. The easiest is to make
sure none of the accounts other than yours have /usr/toolboxbin in their
path. Any experienced Unix user can get around this pretty easily, but
if your users aren't Unix people, it will suffice for a while.
Another trick is to make the tools in /usr/toolboxbin part of a special
group, say `toolbox'. Then chmod all the executables there to be owner
and group execute, and no world priveledges. Then add yourself and
nobody else to the group `toolbox' (in the file /etc/group). Then when
you want to run a toolbox program, just type `chgrp toolbox' before
typing the command to run the program. This scheme is much more secure
than the first suggestion.
Some other areas you might want to look at include the restricted shell
`rsh' & restricted editor `red', and the `chroot' call for user
accounts. Use of these would be pretty extreme, and would be used
primarily where you have a hostile user environment, like a BBS with a
lot of nasty hacking going on :-).
Wes Peters
--
{hpda, uwmcsd1}!sp7040!obie!wes
"Happiness lies in being priviledged to work hard for
long hours in doing whatever you think is worth doing."
-- Robert A. Heinlein --
More information about the Comp.unix.aux
mailing list