Xref: utzoo alt.security:1517 alt.bbs:2906 comp.unix.sysv386:296 Path: utzoo!utgpu!cs.utexas.edu!wuarchive!mit-eddie!uw-beaver!sumax!halcyon!ralphs From: ralphs@halcyon.wa.com (Ralph Sims) Newsgroups: alt.security,alt.bbs,comp.unix.sysv386 Subject: Re: Protecting against downloads Message-ID: Date: 13 Sep 90 02:06:29 GMT References: <22@tdw205.ed.ray.com> Organization: The 23:00 News Lines: 24 heiser@sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes: > A *ix sysop I communite with recently told me that he'd caught one of > his "shell-access" users downloading *ix binaries. Since I'm getting Sounds like he left HIMSELF open. > As far as I can see, we either have to trust the users that we give > shell access to, or make kermit/sz, etc unavailable to them. I guess > we could just make downloads only available thru the "bbs", rather than > from the shell ... How 'bout privileges on the files? If the user didn't have read permission, then he wouldn't have got them (maybe? I don't speak unix, but I'm sure someone will follow through on this). > Anyone else have any ideas on this? How do you all deal with this? Watch your back. Protect your files. Don't give shell users root access. Run an MS-DOS system. -- Remember when dethroning idols to save the pedestals--they may come in handy...