Users can only see home directory

or1onas · 03-10-2005, 04:28 PM

One more question (i just made an ugly thought....but probably silly):
I need to make sure that in case the user account is compromised (though quite difficult i hope, as ssh does exactly this dirty job), the box will remane safe and the user won't be able to gain root privileges...
The home directory is rw for the user.
Is it possible to copy 'su' file from his remote machine to mine and then get root?
I've already tried to do it myself and it didn't work, but i'd like some opinions on this..
Just to make sure what the proper procedure about securing the machine is.
Thanx in advance...

JZL240I-U · 03-11-2005, 02:42 AM

Quote:

Originally posted by or1onas
...The home directory is rw for the user....

I'd change that to r without w.

You might also want to develop a group policy giving your users the appropriate privileges by that means.

There is also a kernel extension for better granularity of rights than rwx, I just can't remember its name

but I think it's included in the coming SuSE 9.3 as an optional feature. Just google Novell / SuSE...

Lakefall · 03-11-2005, 02:13 PM

Quote:

Originally posted by or1onas
You're right about the directories being listable if guessed (which is not to difficult of course), but no dir listing access is given to them to by chmod -r.
So the user can only get inside his home folder and try to cd to /bin,/lib,etc but he gets a permission denied if he tries to do an ls...

My point was, did you do that to /usr/bin as well as /usr?

Quote:

Originally posted by or1onas
Is it possible to copy 'su' file from his remote machine to mine and then get root?

su needs to be owned by root and have the set user ID on execution bit set (see man chmod). Otherwise it cannot give you root access, because it doesn't have it itself. Normal user cannot change file ownership, so he cannot make his su to be owned by root. You may want to unset the SUID bit from as many binaries as you can, because they all have a potential ability to give any user running them full access as the user who owns them (usually root). This command should find them:

Code:

find / -perm -4000

or1onas · 03-12-2005, 06:45 AM

thanx a lot for the info.
i'll do that
and to answer the first question, i didn't chmod /usr/bin, i only did it on /usr

frob23 · 03-12-2005, 08:22 AM

BTW: Might as well turn off execute permissions for directories as well. Makes it a little harder to search around because you need to guess an exact end path.

You're crippling a LOT of stuff here. I sure hope you are doing this in the chrooted evironment and not to the world.

EDIT: Turning off the execute bit on the directories prevents people from cd'ing into them.

or1onas · 03-12-2005, 08:51 AM

Quote:

Originally posted by frob23
You're crippling a LOT of stuff here. I sure hope you are doing this in the chrooted evironment and not to the world.
EDIT: Turning off the execute bit on the directories prevents people from cd'ing into them.

Of course the changes we're talking about are done on the chrooted environment...
I'll read a bit about the folder permissions better, though i believe it's quite secure at this point....
If i make it to not even let cd into the folders, that will be the best!