RE: CVS security question

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS security question

From:	Rick Genter
Subject:	RE: CVS security question
Date:	Tue, 3 Feb 2004 12:32:42 -0800

It's probably more secure to set their shell to something that does exist but 
won't function as a shell, like /dev/null or /bin/false. That way you don't 
leave a hole where someone could create the non-existent program that the user 
points to and voila - instant access.

--
Rick Genter
Sr. Software Engineer
Silverlink Communications
<mailto:address@hidden>
(781) 272-3080 x242

This e-mail, including attachments, may include confidential and/or proprietary 
information, and may only be used by the person or entity to which it is 
addressed.  If the reader of this e-mail is not the intended recipient or his 
or her authorized agent, the reader is hereby notified that any dissemination, 
distribution or copying of this e-mail is prohibited.  If you have received 
this e-mail in error, please notify the sender by replying to this message and 
delete this e-mail immediately.




-----Original Message-----
From: address@hidden
[mailto:address@hidden Behalf Of
Mark Jaffe
Sent: Tuesday, February 03, 2004 3:26 PM
To: address@hidden
Subject: RE: CVS security question


You can prevent a user from logging in by setting the shell variable in the 
/etc/password file to a nonexistent shell. This will allow authorization, but 
not allow login.

-----Original Message-----
> From: address@hidden
> [mailto:address@hidden Behalf
> Of Pankaj Garg
> Sent: Tuesday, February 03, 2004 10:59 AM
> To: address@hidden
> Subject: CVS security question 
> 
> To use SSH i
> need to make shell accounts for those two users. Now because 
> these two users
> have shell account and have write access to my repository, they can
> essentially login in my CVS server box and do an rm -fR on my whole
> repository. Is there a way to prevent this?



=========================================
Mark Jaffe        | (408) 972-9638 (home)
Chief Wizard      | (408) 807-2093 (cell)
Computer Wizards  | (425) 795-6421 (FAX)


_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs

[Prev in Thread]

Current Thread

[Next in Thread]

CVS security question, Pankaj Garg, 2004/02/03
- Re: CVS security question, Larry Jones, 2004/02/03
- Re: CVS security question, Mark D. Baushke, 2004/02/03
- RE: CVS security question, Jim.Hyslop, 2004/02/03
- RE: CVS security question, Matthew . Riechers, 2004/02/03
- RE: CVS security question, Mark Jaffe, 2004/02/03
- RE: CVS security question, Rick Genter <=
  - RE: CVS security question, Greg A. Woods, 2004/02/04
- Re: CVS security question, Pankaj Garg, 2004/02/03
  - Re: CVS security question, Mark D. Baushke, 2004/02/03
  - Re: CVS security question, Greg A. Woods, 2004/02/04
- RE: CVS security question, Patton, Matthew E., CTR, OSD-PA&E, 2004/02/03

Prev by Date: RE: CVS security question
Next by Date: RE: How to determine what tag a branch was based on?
Previous by thread: RE: CVS security question
Next by thread: RE: CVS security question
Index(es):
- Date
- Thread