Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: any reason for a user without a homedir - security/config/application?
Top Forums UNIX for Advanced & Expert Users any reason for a user without a homedir - security/config/application? Post 302194388 by Smiling Dragon on Monday 12th of May 2008 09:05:07 PM
Old 05-12-2008
Quote:
Originally Posted by frozentin
You could assign /tmp as the home dir for these users. I always feel a little queasy about putting somebody in "/", lest they also have sudo permissions, and (even unknowingly) cause major trouble.
I'm not such a fan of /tmp, it creates a fairly large security vulnerability; Imagine that you are a user on a solaris system where you know some users have homedirs set to /tmp. Now imagine that the server has been recently restarted and /tmp is pristine and empty and you are a somewhat mischevious sort.
Createing /tmp/.ssh won't get you very far as ssh perfoms a number of integrity checks to protect you from sneakyness here, but think about .Xauthority files for instance, I could create an xauth cookie that I know, then put an Xauthority file in /tmp and wait for a user to log in. They'd potentially 'reuse' our version of the cookie and allow us to gain control of their screen, keyboard and mouse. Alternativly, one could create a profile, .login, .cshrc, .bashrc or .kshrc that does a bunch of evil things as/to the user logging in.
Even worse/funnier they would be unable to remove or alter these files so they couldn't even fix it themselves if they noticed.

Why would sudo be affected by the homedir?
 

6 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Help with capturing homedir via ssh and saving to variable

I need to capture the homedir using the ssh command and then saving it to a variable. The results from the following command is what I need to capture to a variable: NOTE: the value I'm getting back is also incorrect. as it seems to be getting the home dir from the local server and not the... (2 Replies)
Discussion started by: reneuend
2 Replies

2. Shell Programming and Scripting

how to send config file to other application

hi.. i have one c++ pgm which run shell script.shell script reads username and password from file.This pgm check username password is correct or not.After checking this i want to send config file of respective user to other application.I made config file also.My problem is how to send this config... (1 Reply)
Discussion started by: shubhig15
1 Replies

3. UNIX and Linux Applications

how to send config file to other application

hi.. i have one c++ pgm which run shell script.shell script reads username and password from file.This pgm check username password is correct or not.After checking this i want to send config file of respective user to other application.I made config file also.My problem is how to send this... (1 Reply)
Discussion started by: shubhig15
1 Replies

4. SuSE

How to config root kde same as user?

Eclipse looks completely different when run under root compared to my user. It's like kde wasn't setup for root upon installation. I'm running Suse 9.3 Pro. How do I configure root kde so that eclipse looks the same when run as user? (3 Replies)
Discussion started by: shwick2
3 Replies

5. UNIX and Linux Applications

postfix config: how to relay mails for only one user of a certain domain

Hello there, First of all I tell you that this is my first postfix installation so please be patient... I have following scenario: fetchmail --> postfix --> amavis-new --> postfix --> exchange 2010. Everything -except exchange ;-)- runs on an opensuse 12.1 box. Now, I have a list of... (0 Replies)
Discussion started by: lpacor
0 Replies

6. Red Hat

Regarding application of security patches RHEL 5.5

Hi Is there a direct way to apply a particular security advisory on the system. Presently we have certain security advisories to be applied which require installation of multiple rpms and their dependencies. These rpms as listed in the security advisory also mention that they have been... (0 Replies)
Discussion started by: Sapanvas
0 Replies

LEARN ABOUT POSIX

audit_data

audit_data(4)							   File Formats 						     audit_data(4)

NAME

       audit_data - current information on audit daemon

SYNOPSIS

       /etc/security/audit_data

DESCRIPTION

       The  audit_data file contains information about the audit daemon. The file contains the process ID of the audit daemon, and the pathname of
       the current audit log file. The format of the file is:

	      pid>:<pathname>

       Where pid is the process ID for the audit daemon, and pathname is the full pathname for the current audit log file.

EXAMPLES

       Example 1: A sample audit_data file.

       64:/etc/security/audit/server1/19930506081249.19930506230945.bongos

FILES

       /etc/security/audit_data

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Obsolete			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       audit(1M), auditd(1M), bsmconv(1M), audit(2), audit_control(4), audit.log(4)

NOTES

       The functionality described on this manual page is internal to audit(1M) and might not be supported in a future release.

       The auditd utility is the only supported mechanism to communicate with auditd(1M). The current audit log can be determined by examining the
       configured audit directories. See audit_control(4).

       The  functionality described on this manual page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
       more information.

SunOS 5.10							    14 Nov 2002 						     audit_data(4)
All times are GMT -4. The time now is 07:19 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy