Shell restricted access

Jackmcbarn jackmcbarn+bb at gmail.com
Tue May 17 15:31:49 UTC 2016


Why are you trying to hide the contents of /etc/passwd? It's designed so
there are no security implications of it being readable by anyone (since
everything sensitive is in /etc/shadow).

On Tue, May 17, 2016 at 8:00 AM, Michal G <gonda.miso at gmail.com> wrote:

> I will go this way then. But if I am correct, I cannot change, for example,
> read permissions for some files like /etc/passwd etc. to totally isolate
> users, so there is no way to prevent them from doing "cat /etc/passwd" or
> similar. Is there any security flaw I should be aware of if I just create
> those users and keep everything as it is without setting more file
> permissions on the system? For binaries I will use setuid as you said.
>
>
> On Fri, May 13, 2016 at 7:42 PM, Jackmcbarn <jackmcbarn+bb at gmail.com>
> wrote:
>
>> The best approach here is to use file permissions to prevent them from
>> accessing files and directories they shouldn't. If there need to be
>> exceptions for certain programs, implement them as setuid binaries.
>>
>> On Wed, May 11, 2016 at 8:17 AM, Michal G <gonda.miso at gmail.com> wrote:
>>
>>> Hi,
>>> I am using Buildroot with Busybox on my system and I would like to
>>> implement some serious restrictions for the users. I have 3~4 more users
>>> and each of them should have access only to their own folders and a couple
>>> of shell scripts. I would use shell scripts to change the content of other
>>> files. Nothing more.
>>> Is it possible to achieve this in Buildroot ash? Or what would be the
>>> best approach?
>>> Thank you very much.
>>>
>>> BR
>>> Michal Gonda
>>>
>>> _______________________________________________
>>> busybox mailing list
>>> busybox at busybox.net
>>> http://lists.busybox.net/mailman/listinfo/busybox
>>>
>
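
The permission checks discussed in this thread, as an added example that is not part of any poster's message: a BusyBox-compatible shell audit that flags a world-readable /etc/shadow, a world-writable /etc/passwd and home directories open to group or other, and lists setuid files for manual review. The function names, the /home layout, the 0700 home-directory policy and the sample tree (alice, bob, bin/helper) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); all names below are hypothetical.
# Print the 10-character type+mode string for a path, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_isolation ROOT: print one finding per line, return 1 if any problem.
audit_isolation() {
    root=${1:-/}
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }
    # Password hashes live in shadow, so "other" must not have read access.
    if [ -e "$root/etc/shadow" ]; then
        case $(mode_of "$root/etc/shadow") in
            ???????r??) report "shadow-world-readable $root/etc/shadow" ;;
        esac
    fi
    # passwd is world-readable by design; world-writable is the real problem.
    if [ -e "$root/etc/passwd" ]; then
        case $(mode_of "$root/etc/passwd") in
            ????????w?) report "passwd-world-writable $root/etc/passwd" ;;
        esac
    fi
    # Assumed policy: a home directory grants nothing to group or other (0700).
    for d in "$root"/home/*; do
        [ -d "$d" ] || continue
        case $(mode_of "$d") in
            ????------) ;;
            *) report "home-open $d" ;;
        esac
    done
    # setuid programs are the intended exceptions: listed for review, not counted.
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sed 's/^/setuid-review /'
    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not real system data) with two deliberate mistakes.
build_demo() {
    mkdir -p "$1/etc" "$1/home/alice" "$1/home/bob" "$1/bin"
    : > "$1/etc/passwd"; chmod 644 "$1/etc/passwd"
    : > "$1/etc/shadow"; chmod 644 "$1/etc/shadow"    # mistake: world-readable
    chmod 700 "$1/home/alice"; chmod 755 "$1/home/bob" # mistake: bob is open
    : > "$1/bin/helper"; chmod 4755 "$1/bin/helper"    # setuid exception
}

demo=$(mktemp -d); build_demo "$demo"
audit_isolation "$demo" || echo "isolation problems found"
rm -rf "$demo"
```

On a target or a Buildroot staging directory, call `audit_isolation /` or `audit_isolation path/to/target` instead of the demo tree.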