
Snippets has posted 5883 posts at DZone.

Very Minimal Security Of Remote File Fetching On Linux

Basic stuff, but stops bad users being able to grab stuff they shouldn't.

# Mode 750 (rwxr-x---): only the file's owner and group may run these; all other users are denied.
chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp


Snippets Manager replied on Mon, 2012/05/07 - 1:13pm

This provides a false sense of security. You may as well disable curl, telnet, python, perl, ruby, gcc, netcat, vim (you can paste arbitrary data into it), rpm (it can download urls, in case you didn't know), dig (yes, you can use it to download stuff) and any other programs that might be able to retrieve remote data. Be prepared to go over the source code of all the software on your system looking for non-obvious hidden features. Even with rbash, you simply can't stop a determined user from downloading or uploading something. If you don't trust users with shells, just don't give them shells.
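
An audit sketch for the point raised in the reply, added here as an example and not part of the original snippet or comment: it reports which of the tools named on this page are still executable by "other" users after the chmod lines have been applied. The function name `world_exec_tools` and the default directory list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit of the binary denylist discussed on this page.
# Tool names come from the original chmod list and from the reply; the list
# is only as complete as these names, which is the limitation the reply describes.
TOOLS="rcp wget lynx links scp curl telnet python perl ruby gcc netcat vim rpm dig"

# world_exec_tools DIR...
# Print the path of every listed tool in the given directories whose
# "other" execute bit is set, i.e. that unprivileged users can still run.
world_exec_tools() {
    for dir in "$@"; do
        for tool in $TOOLS; do
            path="$dir/$tool"
            # -f follows symlinks, so python -> python3 style links are checked too
            [ -f "$path" ] || continue
            # -L: test the link target's mode; -perm -001: other-execute bit set
            if [ -n "$(find -L "$path" -prune -perm -001 -print 2>/dev/null)" ]; then
                printf '%s\n' "$path"
            fi
        done
    done
}

# Stand-alone run: audit the directories given as arguments,
# or a default set (assumed typical locations) when none are given.
[ "$#" -gt 0 ] || set -- /usr/bin /bin /usr/local/bin
world_exec_tools "$@"
```

Any path it prints is a listed tool that the five chmod commands left available to every account on the host.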