[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user access to network - summary



Gaal Yahas wrote:
> 
> On Wed, May 13, 1998 at 09:08:14PM +0300, Tuvik Beker wrote:
> 
> > Needless to say, there are better methods, as suggested by some of you,
> > but this one is very easy to create and modify, and seems rather safe.
> > Please correct me if I'm wrong in this last point.
> 
> If everyone on the machine is trusted.
> 
> With this solution, any account owner can probably PREVENT the change
> from occuring by deleting the file.
Not really! A user creates the file with his own permissions, so another
user cannot delete it. Root deletes it after fulfilling the request.

> Also, if you decide to go this way, at least have the script check
> ownership of the semaphore and do some sanity checks (probably logging
> too?).
Naturally.
As I said, it's far from perfect, and to do it properly it needs the
usual checks and precautions which I have implemented only partially,
but these can be very easily added.

T.
-- 
--------------------------------------------
               Tuvik Beker
      P.O. Box 571, Givatayim 53104
Tel. (972) 3 5714436    Fax. (972) 3 5334349
         becket@shum.huji.ac.il
--------------------------------------------