LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-06-2004, 12:24 AM   #1
kinasz
Member
 
Registered: Mar 2004
Location: Brisbane, Australia
Distribution: FreeBSD, Suse
Posts: 103

Rep: Reputation: 15
Howto stop users creating certain files


Is there a way to limit a user from creating certain files based on the filename. I still want to give the user write access to their home directory but I don't want them to be able to create files starting with a "."

This is for ftp accounts so if there is another way to stop users creating hidden files with proftp i would like to know


Cheers
 
Old 05-06-2004, 01:02 AM   #2
retep
Member
 
Registered: Sep 2003
Distribution: RedHat/Debian
Posts: 50

Rep: Reputation: 15
I don't know of a what to prevent this. But what's the problem with creating 'hidden' files? They just another file. You just have to use the -a option on ls to see them.
 
Old 05-06-2004, 01:42 AM   #3
kinasz
Member
 
Registered: Mar 2004
Location: Brisbane, Australia
Distribution: FreeBSD, Suse
Posts: 103

Original Poster
Rep: Reputation: 15
There are various security exploits a user can use by creating hidden files on an ftp server

Just for example ( and i haven't left my network open to this, i am just being cautious ):

a user can create a .ssh directory and put in it the keys they require to connect
a .forward file, to forward their mail through another program and possibly be able to change their shell. ( assuming I had sendmail running )

While I have minimum services on the server running and I am not aware of any such vulnerabilities on my server, I still go by the motto " you can never be to cautious when it comes to security" and given that most of these exploits utilise configuration files that are usually hidden, and I am required to give them write access to their home directories, I figured If i stopped them from making hidden files it would add a bit of extra security to the system.

If it can't be done though, doesnt matter.
 
Old 05-06-2004, 02:59 AM   #4
retep
Member
 
Registered: Sep 2003
Distribution: RedHat/Debian
Posts: 50

Rep: Reputation: 15
Ah, I see.

One thing you could try is to pre-create those files/directorys and chmod 000 them. Then the user would not be able to change them.
 
Old 05-06-2004, 03:13 AM   #5
kinasz
Member
 
Registered: Mar 2004
Location: Brisbane, Australia
Distribution: FreeBSD, Suse
Posts: 103

Original Poster
Rep: Reputation: 15
That's a really good idea
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HOWTO Check, Start and Stop Services GNewbie MEPIS 9 08-22-2012 11:09 PM
stop users from su'ing Phonics3k Linux - Security 4 11-12-2005 11:03 PM
DISCUSSION: Howto stop your laptop from crashing when power source is changed. bufo333 LinuxAnswers Discussion 1 07-24-2004 04:11 PM
Howto stop daemon from starting Lawful Linux - General 3 04-30-2004 05:06 PM
How do I stop autolooging in of users into KDE? hiplainsdrifter Linux - General 1 04-15-2004 07:13 PM


All times are GMT -5. The time now is 03:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration