Protecting against downloads

[Ralph Sims]

heiser at sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes:

> A *ix sysop I communite with recently told me that he'd caught one of
> his "shell-access" users downloading *ix binaries.  Since I'm getting

Sounds like he left HIMSELF open.

> As far as I can see, we either have to trust the users that we give
> shell access to, or make kermit/sz, etc unavailable to them.  I guess
> we could just make downloads only available thru the "bbs", rather than
> from the shell ...

How 'bout privileges on the files?  If the user didn't have read permission,
then he wouldn't have got them (maybe?  I don't speak unix, but I'm sure
someone will follow through on this).

> Anyone else have any ideas on this?  How do you all deal with this?

Watch your back.  Protect your files.  Don't give shell users root access.
Run an MS-DOS system.

--
  Remember when dethroning idols to save the pedestals--they may come
  in handy...