Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!news.sprintlink.net!gol2!usenet
From: Doug <doug@gol.com>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: A Matter of Security
Date: 10 Jan 1996 16:43:11 GMT
Organization: GOL
Lines: 41
Message-ID: <4d0qav$9j0@gol2.gol.com>
NNTP-Posting-Host: ppp240.gol.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 1.1N (Macintosh; I; PPC)
X-URL: news:comp.unix.bsd.freebsd.misc

Our system now allows members to make PPP connections via our new Portmaster (which is working well, along with RADIUS, thanks to the help of members of this group).

I noticed that unless I created a user account on the FreeBSD machine for a user, he or she could not receive email. Well, that makes sense.

But I also noticed that any user can now Telnet into our FreeBSD machine. What's more, because of the default settings, any user can roam around and see almost everything, including most of the contents of /etc.

Questions!

o Is this normal? Does everybody allow this?

o As soon as I noticed this, I changed the permissions of /etc with the command

      chmod og-wrx /etc

  so that members could not access that directory. Is that a reasonable thing to do? Will it hurt any running processes?

o Is there a way of disabling logins except for certain users?

o Can a user wreak havoc with the system by creating huge files in their home directory, creating and running programs, etc.?

o What do other sysops do about this?

I am very interested in hearing the opinions of other members of this group.

Thanks,

Doug Lerner, Tokyo