Restricting network access
obrien at Rand-Unix.ARPA
obrien at Rand-Unix.ARPA
Thu Apr 12 03:38:00 AEST 1984
All network access in any version of UNIX that I've ever seen is
done by way of special files. This includes 4.2. Just have protection
660 on all network files, and have them owned by a group "network". Then,
make authorized users a member of that group. A similar scheme is necessary
(and also not present in 4.2) to protect terminals against a pernicious
type of security attack (due to the current ANSI standard for CRT terminals).
Of course, you can also have socket entities out there in the file
system, and if you do as the folks at BRL have suggested (change the
semantict of "open()" so that a "connect()" is done automatically when
you hit one), then you have to make other provisions. Most such "portals"
are only used on a local net, though, and not the Internet.
More information about the Comp.unix.wizards
mailing list