Protecting against downloads
Matthew Farwell
dylan at ibmpcug.co.uk
Sat Sep 15 20:56:49 AEST 1990
In article <epeterso.653316195 at houligan> epeterson at encore.com writes:
>mju at mudos.ann-arbor.mi.us (Marc Unangst) writes:
>Aha! I see your point. An even less healthy idea than before.
>However, if you were willing to take the time to do it, perhaps you
>could set up a branch of your file system to be a limited subset of
>your primary file system, with hard links from the subsystem into the
>main system for programs that users would need access to (sh, csh, cc,
>etc.). If you also linked in /etc/passwd, /etc/group, and so forth,
>you'd be set to present a limited subset of your main hierarchy.
>
>There's only two things wrong with doing this -- (1) it may take more
>time and effort than it's worth, and (2) it still doesn't solve the
>original problem.
Actually 2+1/2. Don't link /etc/passwd to <chroot dir>/etc/passwd. Maintain
a separate copy of the passwd file in the chroot dir, with passwds
starred out. Its easy enuf to do. Just have a script something like:-
awk -F: '{ OFS=":" ; print $1,"*",$3,$4,$5,$6,$7 }' /etc/passwd > whatever
(forgive me if my awk isn't up to scratch)
Only problem I can see with this approach is that the user can't
(easily) change his/her/its password. All depends on the time + effort
you want to put into security.
Dylan.
--
Matthew J Farwell | Email: dylan at ibmpcug.co.uk
The IBM PC User Group, PO Box 360,| dylan%ibmpcug.CO.UK at ukc
Harrow HA1 4LQ England | ...!uunet!ukc!ibmpcug.co.uk!dylan
Phone: +44 81-863-1191 | Sun? Don't they make coffee machines?
More information about the Comp.unix.sysv386
mailing list