Justin Zygmont wrote:
If you have root jailed users by configuring the ftpaccess file, but have ssh installed, all they have to do is sftp in and go wherever they want. It's a relief to know that at least they can't grab the shadow file too.Ok, you've got me confused. I did not think the ftpaccess file had anything to do with sftp. My ftpaccess file is the default, and it does not allow root ftp access. Yet, I can sftp to another machine as root.
I just found a quck way to disable this however, in the /etc/ssh/sshd_config comment out the line: Subsystem sftp /usr/libexec/openssh....
Yes, a non-root user can go anywhere they want. But try this:
(as a non-root user):
sftp some_host_name
sftp> cd /var/log
sftp> get messages
--
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list
