Subject: Re: Secure Shell now in mainline
To: Jaromír Dolecek <email@example.com>
From: John Nemeth <firstname.lastname@example.org>
Date: 10/26/2000 04:56:41
On Feb 10, 11:22pm, Jaromír Dolecek wrote:
} John Nemeth wrote:
} > - staff accounts can do anything
} > - user accounts aren't allowed access to dot files (this is for scp)
} > - user accounts shouldn't be allowed access to files outside their home
} > directories, except for a configured list of directories (this is for
} > scp)
} > - an alternative to the above two requirements would be to disable scp
} > access for user accounts
} > - user accounts aren't allowed to run arbitrary programs (i.e. no ssh,
} > just slogin)
Hmm, I forgot to mention that staff accounts could be
distinguished from staff accounts be distinguished from user accounts
by uid range and shell.
} I think this should not be too hard to do with any ssh using
} properly hacked $HOME/.ssh/config or $HOME/.ssh/rc or $HOME/.ssh/environment.
Perhaps so, I just haven't had time to fully investigate it.
Although, I try to make sure that users can't modify their own dot
files, I try not to rely on them for things related to system
}-- End of excerpt from Jaromír Dolecek