08-05-2009
Since the users have access to the server as root, there's little you can do. The only thing I can think of is creating an encrypted volume that is mounted only on-demand. But during that time it's just as accessible as everything else.
By the way, when the higher-ups decided to share the root password, did they think of a way how to discover the person responsible in case something bad happens? rm -rf is a quick, yet deadly command...
10 More Discussions You Might Find Interesting
1. Cybersecurity
restricted access...
Hi
I need to restrict users shell access to only $HOME under /home for each user. I don't want them getting out of their own directories. From what I understand chroot is something I could use, but I want to avoid this since it involves creating symbolic links to a number... (9 Replies)
Discussion started by: alwayslearningunix
9 Replies
2. UNIX for Dummies Questions & Answers
I need to create a user that only has access to 1 directory (e.g. /vol/mita/test). The user needs to be able to rsh into that directory to run a script. The user should not be able to navigate to any other directories above /vol/mita/test. Any help would be appreciated! (4 Replies)
Discussion started by: ngagne
4 Replies
3. UNIX for Dummies Questions & Answers
I have a need to allow only certain IP addresses to access a machine running solaris 9. I am not sure how this can be accomplished.
Thanks in advance for your help.
Patch (2 Replies)
Discussion started by: patch
2 Replies
4. Solaris
Hi All,
I'm on Solaris 8, I need to provide Read-only access to a user to 2 directories only.
Using rsh (restricted shell) as the user's login shell, I can restrict the user's access to a certain directory only, but how can I set in such a way that the user can access only the 2 directories... (4 Replies)
Discussion started by: max_min
4 Replies
5. UNIX for Advanced & Expert Users
I'm the admin in a shop in which my developers have and use the root account, all UNIX newbies.
I've been unable to convince management myself that this is an unacceptable practice.
I've looked in a couple books I have and can't find any chapters, discussions, etc that make the argument that... (2 Replies)
Discussion started by: keith.m
2 Replies
6. Solaris
We want to secure access to a server by restricting the number of users who can login to it. Our users are NIS users. Only few of them can telnet/ssh this server.
Do you have any idea on how to implement that?
thanks. (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
7. UNIX for Dummies Questions & Answers
Hi all,
I have user called "Z". The home directory is /home/Z. I have another directory /home/Z/OP. Within /home/Z/OP, i have 2 directories
/home/Z/OP/OP1 and /home/Z/OP2.
I want to restrict access for Z to only access
/home/Z/OP and
/home/Z/OP1 and
/home/Z/OP2.
What kind of... (4 Replies)
Discussion started by: new2ss
4 Replies
8. Solaris
Dear All,
I have created a user called "x" who is allowed only to FTP and it is working fine. Here my problem is, I want to give access to a particular directory say for eg:- /dump/test directory. I don't find any option in the useradd command to restrict access to this particular directory only... (1 Reply)
Discussion started by: Vijayakumarpc
1 Replies
9. Solaris
Hi all.
I've had a quick look around but cant see anything exactly matching my requirements.
I have a new T2000 running S10. Im looking to restrict the no. cores that a S10 non-global zone can use to 1 only. The box is single CPU but 8core.
I want to do this to save on some software... (4 Replies)
Discussion started by: boneyard
4 Replies
10. UNIX for Dummies Questions & Answers
Hello,
I am using MySecureShell to chroot all sftp accesses. The problem that I have is that my boss does not want root to be able to use sftp. Root should still be able to ssh. Any ideas? (2 Replies)
Discussion started by: mojoman
2 Replies
LEARN ABOUT SUSE
ncplogin
ncplogin(8) NCPFS ncplogin(8)
NAME
ncplogin - establishes identity to the Netware server or tree
SYNOPSIS
ncplogin [OPTIONS]
DESCRIPTION
ncplogin and ncpmap provide a way for you to split the ncpmount operation into halves, with ncplogin establishing your identity to the
server or tree. ncpmap mounts it later.
OPTIONS
-T tree Tree name to be used.
-S server Server name to be used. The -S and -T options are mutually exclusive.
-X name_ctx Default name context to be used.
-E Echoes the value of final mount_point.
-U username Username sent to server.
-u uid Uid given the mounted files.
-g gid Gid given the mounted files.
-c uid Uid to identify the connection on which to mount. Only appropriate for root.
-C Do not convert password to uppercase.
-P password Use this password.
-n Do not use any password. If neither -P nor -n is given, you are asked for a password.
-f mode Permission given the files, in octal notation.
-d mode Permission given the directories, in octal notation.
-t time_out Time, in 1/100s of a second, to wait for an answer from the server. Default is 60.
-r retry_count Number of retry attempts. Default is 5.
-s Enable renaming and deletion of read-only files.
-h Print the help text.
-v Print ncpfs version number.
-i level Signature level. 0 = never, 1 = supported, 2 = preferred, 3 = required.
-N os2,nfs Do not use the specified namespaces on mounted volume.
-y charset Character set used for input and display.
-p codepage Codepage used on volume, including letters "cp."
-B bcast Broadcast mode. 0 = all 1 = console 2 = none. Default is all.
-l Autocreate mounting point if needed in /mnt/ncp/SERVER/VOLUME.
SECURITY
ncplogin must be setuid to permit non-root users use of it. In these cases, mounting ncpfs will enforce nodev and nosetuid mount options.
SEE ALSO
ncpmap(1), ncpmount(8)
AUTHOR
Manpage written by Rodrigo Rubira Branco <rrbranco@br.ibm.com> with help from Petr Vandrovec <petr@vandrovec.name>.
NCPFS
Jun, 01 2006 ncplogin(8)