LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 09-28-2005, 11:35 PM   #1
zhizaki
Member
 
Registered: Sep 2005
Location: Austin, TX
Distribution: Slackware
Posts: 31

Rep: Reputation: 15
Posing a new security measure.....


I have question about what commands should be removed from regular user access, even though they are located in places such as /usr/bin/, /bin/ and a few other locations. What are some commands that you guys recommend normal users having limited access to?

My reason for posting this here, instead of security is that I'm basing this off of my slack install and would like to know what fellow slackers think of the commands readily available to users.

My solution to this potiental security risks to write a script that will create a new folder that would allow access only to higher privilaged users in a specified group without making things overly complicated. I plan on soft linking all the commands to a folder that allows a specific group to access, then further creating sub directories and groups to access specific commands like networking, root access and development tools.


Please tell me what you think.
 
Old 09-28-2005, 11:50 PM   #2
microsoft/linux
Senior Member
 
Registered: May 2004
Location: Sebec, ME, USA
Distribution: Debian Etch, Windows XP Home, FreeBSD
Posts: 1,445
Blog Entries: 9

Rep: Reputation: 45
I'm not a security expert(nor a slackware expert), but most commands that can seriously mess up a system will require root acess. I've set up sudoers, and changed my path to that of root(my personal machine, not multiple logins). Linux is pretty secure on it's own...sorry I can't be of more help.
 
Old 09-28-2005, 11:53 PM   #3
MMYoung
Member
 
Registered: Apr 2004
Location: Arkansas
Distribution: Ubuntu 8.10
Posts: 365

Rep: Reputation: 30
Sounds rather complicated to me, but then what the hell do I know.

Users - CDS (Can't Do S***t)
Root - ASICD (Ain't S***t It Can't Do)

Just my thoughts,
MMYoung
 
Old 09-29-2005, 12:07 AM   #4
zhizaki
Member
 
Registered: Sep 2005
Location: Austin, TX
Distribution: Slackware
Posts: 31

Original Poster
Rep: Reputation: 15
My whole point to something like this, (and now I think about maybe a totally invalid one), is to have some sort of fall back for myself in case I allow some random users on to my machine and get screwed because of it. If they can't compile a program or telnet or ftp using my box as a jump point, I'd feel safer.
 
Old 09-29-2005, 12:13 AM   #5
microsoft/linux
Senior Member
 
Registered: May 2004
Location: Sebec, ME, USA
Distribution: Debian Etch, Windows XP Home, FreeBSD
Posts: 1,445
Blog Entries: 9

Rep: Reputation: 45
assuming the user does not own the build directory, then cannot compile anything. SSH is more secure than telnet, but if you don't want people logging in remotely, disable both. As for FTP, I don't know a whole lot about it, but again, if you don't need it, disable it
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Measure how much I upload and Download barryw Linux - Networking 1 06-02-2005 04:21 AM
measure program performance cranium2004 Programming 1 05-04-2005 11:49 AM
measure memory usage unosoft Linux - Software 1 10-07-2003 07:25 PM
accurately measure time rasselin Programming 1 09-05-2003 06:18 PM
120GB HDD posing as 2.5GB Azriphale Linux - Hardware 1 09-04-2003 10:09 AM


All times are GMT -5. The time now is 08:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration