** CONFIDENTIAL **

CONFIDENTIAL

Date: Sun, 15 Dec 1996 10:23:03 -0400
From: "David L. Potter" <ab934@chebucto.ns.ca>
To: csuite-dev@chebucto.ns.ca
next message in archive
next message in thread
previous message in archive
Index of Subjects


With respect to "access" to the shell... my understanding is that 
limiting a users access to dot files is in many ways protecting them from 
themselves and thus maintaining a 'stable' configuration across a large 
number of users (certainly makes it a lot easier for the volunteers!)

There have always been ways to view hidden files but anyone who can use 
vi is 'on their on hook' if they mash a dot file.

As long as a user is logging on through a regular account, their time 
limits will remain in effect. Users that discover and use these 'holes' 
should do suitable pennance... I favour making them write documentation 
but then I have a bias... ;-)

On Sun, 15 Dec 1996, Neale Partington wrote:

> A follow-up to the previous message.
> 
>           ___
>    /|  / /  / Neale Partington
>   / | / /__/ President, Great Plains Free-Net Inc.,
>  /  |/ /    Regina, Sk., Canada         Neale@gpfn.sk.ca
>  GPFN OFFICE (voice):  306-569-8554   MODEM POOL: 306-569-8555
>  Members get access to express lines as well.
> 
> ---------- Forwarded message ----------
> Date: Fri, 13 Dec 1996 11:02:07 -0600 (CST)
> From: Michael Lee <mlee@GPFN1.GPFN.SK.CA>
> To: Robert Greenfield <rhg@GPFN1.GPFN.SK.CA>
> Cc: Gordon Fisch <gfisch@GPFN1.GPFN.SK.CA>,
>     Russell Hauser <russ@rpl.regina.sk.ca>,
>     Daryle Niedermayer <daryle@gpfn.sk.ca>,
>     Neale Partington <neale@gpfn.sk.ca>
> Subject: Re: ** CONFIDENTIAL **
> 
> On Fri, 13 Dec 1996, Robert Greenfield wrote:
> 
> > Our logging system is able to tell us which commands were executed by
> > which user, when, but I am at a loss to get this info. Richard H*? is the
> > source of that info. 
> > 
> > I did poke into ~aa075 as root and I can confirm what Micheal says. Here
> > are some recently modified documents: 
> > 
> > something called '.installdirs.html'
> > 
> > <title>Installation Directory Selection</title>
> > <h1>Choose a destination directory</h1>
> > 
> > something called 'csh.html'
> > 
> > <p>
> > <ol>
> > <LI>Goto csh
> > 
> > This seems to be the recipe that Michael presented. Michael, can you test
> > this one from your aaNNN account? 
> > 
> 
> Yes, that is the same command I used to get into the shell.  My original 
> thought was that he didn't actually get into the shell but just used to 
> same lynxexec commands to activate talk and other unix calls, but now 
> with that link in his pages we are now sure he has been going into the shell.
> 
> 
> > In addition to making the restriction tha Michael suggests we should 1)
> > review our policies and 2) talk with this user. If the discussion with the
> > user develops well, then perhaps the interest, energy and knowledge of
> > this person could be channeled into more constructive avenues, Bob
> 
> I'm sure speaking to this individual should be done soon.  I do believe 
> he is breaking a policy as it is, but I don't which one specifically as I 
> don't have the policies on file.
> 
> ---
> Another suggestion for now could be to not let csuite users see beyond 
> their home directories.  What I mean is when you go files, the first 
> highlight is a ../ link on your page.  Get the lynxdired to not have that 
> link at all unless they are withing a subdirectory in their own 
> directories.  SFN used to have a ../, and one can then go back and view 
> all the directories a system has, yesterday I went to my files and 
> noticed that they no longer have a ../ (back directory) in my home files 
> directory.
> 
> Now, this won't be of much help to unix pros since they are pretty much 
> aware of the dir structure (ie. /usr/bin).  But for someone who doesn't 
> know, not letting them know the directory structures of our system is a 
> great help - afterall I did have to consult my unix shell account for 
> some help when I tried "breaking the system".
> 
> Later.  
> 
> ---
> Michael Lee - mlee@gpfn.sk.ca
> [1] Information Provider (BBS List)... since Aug. '95
> http://www.gpfn.sk.ca/inet/bbslist/index.html
> [2] Public Download Area (PDA) - Macintosh Administrator/Support
> Great Plains Free-Net  -  Regina, Saskatchewan, Canada
> 
> 
> 

---------------------------------------------------------------------
David Potter                http://chebucto.ns.ca/~ab934/Profile.html	  
Cape Breton Real Estate			 http://fox.nstn.ca/~dlpotter
---------------------------------------------------------------------
David Potter                 http://chebucto.ns.ca/CSuite/CSuite.html
Documentation Team                             Chebucto Community Net
============== CSuite - Community Network Software ==================
next message in archive
next message in thread
previous message in archive
Index of Subjects