Re: How to limit it ?

To: Grzegorz Pawel Szostak <grzecho@ikar.mps.com.pl>, Andrius Kasparavicius <andrius@zemrsn.lt>
Cc: debian-isp@lists.debian.org
Subject: Re: How to limit it ?
From: Russell Coker <russell@coker.com.au>
Date: Mon, 15 Nov 1999 18:55:58 +0100
Message-id: <[🔎] 9911151859250P.00788@lyta>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] Pine.LNX.3.96.991115181857.15220A-100000@ikar.mps.com.pl>
References: <[🔎] Pine.LNX.3.96.991115181857.15220A-100000@ikar.mps.com.pl>

On Mon, 15 Nov 1999, Grzegorz Pawel Szostak wrote:
>Sollution is:
>place ulimit with apropriate options in /etc/profile
>Options are:
>-a max address space (KB)
>-c max core file size (KB)
>-d max data size (KB)
>etc..  like it is discribed in limits man page (man limits) but use
>lowercase instead uppercase.
>
>I think it will be enough.
>I think theres no information about it in the Internet.
>
>My next problem is how to hide other lines in /etc/passwd file and
>/etc/group ... One user should see only his own line.
>Any ideas ?

There are several possibilities.  If you just want to discourage casual
browsing then change the /etc/nsswitch.conf file to have
passwd: db

Then make the /etc/passwd file only readable by root and group shadow.  Then
programs such as "ls" will get the data from the database.  Put the following
in a root crontab entry:
make -C /var/lib/misc
Now you have security by obscurity for the contents of /etc/passwd.
If you want more than that try using LDAP for password authentication, but it
is REALLY difficult to setup, and some of the utility programs seem buggy.

I still haven't got LDAP working right...

-- 
Electronic information tampers with your soul.

Reply to:

Follow-Ups:
- Re: How to limit it ?
  - From: Kain <kain@infodump.net>

References:
- Re: How to limit it ?
  - From: Grzegorz Pawel Szostak <grzecho@ikar.mps.com.pl>

Prev by Date: Re: How to limit it ?
Next by Date: Re: How to limit it ?
Previous by thread: Re: How to limit it ?
Next by thread: Re: How to limit it ?
Index(es):
- Date
- Thread