l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 Nov 19 00:29

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox-tech] Re: [vox] Security Issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox-tech] Re: [vox] Security Issue

Response redirected to vox-tech ... please ask technical questions there.

On Tue, 19 Nov 2002, karthikeyan wrote:

> Hi,
>   Today morning when i was doing an ssh.  I was surprised that normal user
> can also do an SSH on our server if they know the port and can see all
> files.

Most, but not all, files on a *nix system are world-readable.  Common
exceptions are logfiles (/var/log/*).  If they are able to read the system
logfiles, confirm that the only username in your /etc/passwd file that has
a UID of zero is "root", and check the permissions on the logfiles.

> What am i missing here they dont belong to root group.

Perhaps you should read the System Administrator's Guide about
permissions.  (http://www.tldp.org/guides.html)

>  With FTP login they cant see files but yes if they know the port and
> can do a SSH files they are able to see everything.  How do i fix this
> issue.

Change permissions on the files and directories you don't want them to be
able to see, or don't give them SSH access.  Be careful though... changing
permissions globally without understanding the consequences can cause your
system to stop functioning.

FTP and HTTP servers are (supposed to be) designed to limit your access to
files in certain directories.  SSH is designed for allowing people to log
in without disclosing the contents of their communications with the system
to monitors along the way... logging in gives them much more access to the
system, and the reason it is so important that their communications be
private is that you don't want to expose that information to unknown
people.  That implies that you know the people you give SSH access to, and
that you maintain permissions to limit their access appropriately.

Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.