09-03-2008
Yep. I worked for the DOC and before audit we settled on the CIS L1 standard.
It sounds like you guys went way past that.
I feel your pain but admins that have root create huge problems in a naively secure environment.
Say I su root. The local syslog daemon sends a message to the central logserver (which I have no privileges on) that I have assumed root. Voila... I am accountable. After that, any message from that host is not reliable... even that I've logged out. That's the gotcha.
If the level of insecurity is such that admins are allowed root or application equivalence then anything they do is a potential systems compromise.
It's about trust... and all security, large and small, is eventually about trust.
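The trust boundary described in the post above, as an added example that is not part of the original post: a classifier a central log server could run, treating a host's messages as reliable only up to and including the first record that someone assumed root. The sample lines are constructed, and the `su: (to root) <user> on <tty>` wording and the use of the hostname field from the message are assumptions.

```python
import re

# Constructed sample of what the central log server might receive; the
# "su: (to root) <user> on <tty>" wording is an assumed message format.
SAMPLE_LINES = [
    "Sep  3 10:14:51 web01 sshd[811]: Accepted publickey for alice from 10.0.0.5",
    "Sep  3 10:15:02 web01 su: (to root) alice on pts/1",
    "Sep  3 10:15:40 web01 cron[902]: (root) CMD (/usr/local/bin/backup)",
    "Sep  3 10:16:10 db01 sshd[400]: Accepted publickey for bob from 10.0.0.6",
    "Sep  3 10:20:33 web01 su: session closed for user root",
]

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")
SU_ROOT_RE = re.compile(r"\bsu(?:\[\d+\])?: \(to root\) (\S+)")


def classify(lines):
    """Label each line as seen by the central server.

    'trusted'      - host has not reported a root assumption yet
    'root-assumed' - the accountability record itself (names the admin)
    'unreliable'   - anything the host sends after root was assumed
    Unparseable lines are labelled 'malformed' rather than dropped.
    """
    root_holder = {}  # host -> admin who first assumed root
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            out.append((None, "malformed", None))
            continue
        _ts, host, msg = m.groups()
        su = SU_ROOT_RE.search(msg)
        if host in root_holder:
            label = "unreliable"   # includes the later "logged out" message
        elif su:
            root_holder[host] = su.group(1)
            label = "root-assumed"
        else:
            label = "trusted"
        out.append((host, label, root_holder.get(host)))
    return out


if __name__ == "__main__":
    for (host, label, admin), line in zip(classify(SAMPLE_LINES), SAMPLE_LINES):
        print(f"{label:13} {admin or '-':6} {line}")
```
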
chroot(2) System Calls Manual chroot(2)
NAME
chroot() - change root directory
SYNOPSIS
DESCRIPTION
causes the named directory to become the root directory, the starting point for path searches for path names beginning with path points to
a path name naming a directory. The user's working directory is unaffected by the system call.
The entry in the root directory is interpreted to mean the root directory itself. Thus, cannot be used to access files outside the subtree
rooted at the root directory.
Security Restrictions
The effective user ID of the process must be a user with the privilege to change the root directory.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
returns the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
fails and the root directory remains unchanged if one or more of the following is true:
Any component of the path name is not a directory.
The named directory does not exist or a component of the
path does not exist.
The effective user
ID is not a user who has the privilege.
path points outside the allocated address space of the process. The reliable detection of this error is implementation
dependent.
The length of the specified path name exceeds
bytes, or the length of a component of the path name exceeds bytes while is in effect.
Too many symbolic links were encountered in translating the path
name.
WARNINGS
Obsolescent Interfaces
is to be obsoleted at a future date.
SEE ALSO
chroot(1M), chdir(2), privileges(5).
STANDARDS CONFORMANCE
TO BE OBSOLETED chroot(2)