Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!gatech!newsfeed.internetmci.com!in2.uu.net!insync!news.hal-pc.org!usenet From: jhupp@gensys.com (Jeff Hupp) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: A Matter of Security Date: Thu, 11 Jan 1996 01:12:45 GMT Organization: Gensys Technologies Lines: 46 Message-ID: <4d1o5j$2jv@news.hal-pc.org> References: <4d0qav$9j0@gol2.gol.com> Reply-To: jhupp@gensys.com NNTP-Posting-Host: blue.gensys.com X-Newsreader: Forte Free Agent 1.0.82 Doug <doug@gol.com> wrote: :Our system now allows members to make PPP connections via our new :Portmaster (which is working well, along with RADIUS, thanks to the help :of members of this group). :I noticed that unless I created a user account on the FreeBSD machine :for a user, he or she could not receive email. Well, that makes sense. :But I also noticed that any user can now Telnet into our FreeBSD :machine. :o Is this normal? Does everybody allow this? Yes. Some do, some don't (makes maintaince of user pages much easer) I do. :o As soon as I noticed this, I changed the permissions of /etc with the :command :chmod og-wrx /etc :so that members could not access that directory. Is that a reasonable :thing to do? Will it hurt any running processes? Put it back, there are programs not running as root that need files in there. :o Is there a way of disabling logins except for certain users? RTFM login.access :o Can a user wreak havoc with the system by creating huge files in their :home directory, creating and running programs, etc.? Yes. :o What do other sysops do about this? RTFM quota, edquota, quotacheck, ... -- Jeff Hupp <jhupp@gensys.com> <http://gensys.com/>