Never been to DZone Snippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world

Very minimal security of remote file fetching on Linux (See related posts)

Basic stuff, but stops bad users being able to grab stuff they shouldn't.

chmod 750 /usr/bin/rcp 
chmod 750 /usr/bin/wget 
chmod 750 /usr/bin/lynx 
chmod 750 /usr/bin/links 
chmod 750 /usr/bin/scp

to linux shell security by peter on Wed Aug 03 04:20:26 -0400 2005

Comments on this post

jfunk posts on Oct 01, 2005 at 02:40

This provides a false sense of security. You may as well disable curl, telnet, python, perl, ruby, gcc, netcat, vim (you can paste arbitrary data into it), rpm (it can download urls, in case you didn't know), dig (yes, you can use it to download stuff) and any other programs that might be able to retrieve remote data. Be prepared to go over the source code of all the software on your system looking for non-obvious hidden features.

Even with rbash, you simply can't stop a determined user from downloading or uploading something.

If you don't trust users with shells, just don't give them shells.

You need to create an account or log in to post comments to this site.

Click here to browse all 4852 code snippets

Never been to DZone Snippets before?

Very minimal security of remote file fetching on Linux (See related posts)

Popular @ dzone.com

Comments on this post

Related Posts