[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS security question

From: Rick Genter
Subject: RE: CVS security question
Date: Tue, 3 Feb 2004 12:32:42 -0800

It's probably more secure to set their shell to something that does exist but 
won't function as a shell, like /dev/null or /bin/false. That way you don't 
leave a hole where someone could create the non-existent program that the user 
points to and voila - instant access.

Rick Genter
Sr. Software Engineer
Silverlink Communications
(781) 272-3080 x242

This e-mail, including attachments, may include confidential and/or proprietary 
information, and may only be used by the person or entity to which it is 
addressed.  If the reader of this e-mail is not the intended recipient or his 
or her authorized agent, the reader is hereby notified that any dissemination, 
distribution or copying of this e-mail is prohibited.  If you have received 
this e-mail in error, please notify the sender by replying to this message and 
delete this e-mail immediately.

-----Original Message-----
From: address@hidden
[mailto:address@hidden Behalf Of
Mark Jaffe
Sent: Tuesday, February 03, 2004 3:26 PM
To: address@hidden
Subject: RE: CVS security question

You can prevent a user from logging in by setting the shell variable in the 
/etc/password file to a nonexistent shell. This will allow authorization, but 
not allow login.

-----Original Message-----
> From: address@hidden
> [mailto:address@hidden Behalf
> Of Pankaj Garg
> Sent: Tuesday, February 03, 2004 10:59 AM
> To: address@hidden
> Subject: CVS security question 
> To use SSH i
> need to make shell accounts for those two users. Now because 
> these two users
> have shell account and have write access to my repository, they can
> essentially login in my CVS server box and do an rm -fR on my whole
> repository. Is there a way to prevent this?

Mark Jaffe        | (408) 972-9638 (home)
Chief Wizard      | (408) 807-2093 (cell)
Computer Wizards  | (425) 795-6421 (FAX)

Info-cvs mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]