Protecting against downloads
Craig Bevins
craigb at ips.oz.au
Fri Sep 14 13:43:06 AEST 1990
In article <22 at tdw205.ed.ray.com> heiser at sud509.ed.ray.com
(Bill Heiser - Unix Sys Admin) writes:
>A *ix sysop I communite with recently told me that he'd caught one of
>his "shell-access" users downloading *ix binaries. Since I'm getting
>ready to set up my system for public access, this concerns me. How
>do you all who run public-access systems protect yourselves against this
>kind of thing? If it went on for long enough, the person could get
>himself an entire OS for free!!
It's one thing to have the binaries, but how do you bootstrap them?
With time-charged calls, it seems like a pretty expensive way to get
yourself a Unix distribution anyway. I have been involved for many
years with a public access Unix system where *everybody* has full
shell access. I have seen some incredibly stupid and anti-social
shenanigans in my time, but never anybody trying to download a free
copy of Unix. And we don't have time-charged local calls here in Oz,
so it would be a much less expensive proposition. Maybe this person
was just a dick-head?
>As far as I can see, we either have to trust the users that we give
>shell access to, or make kermit/sz, etc unavailable to them. I guess
>we could just make downloads only available thru the "bbs", rather than
>from the shell ...
If your biggest problem with a public access system is that somebody
might rip off a few binaries, then you're miles in front of most of
the rest of us. If this is really a concern, though, what's wrong
with turning off the "other" read bits (i.e. "chmod o-r")? Make sure
you don't touch shell scripts, though.
csb
More information about the Comp.unix.sysv386
mailing list