/etc/profile question

mmccaskill · 2006-09-28 17:01:01

Is it a good idea to give /sbin and /usr/sbin access to non-root users? Should there be a check for this?

tom.deb · 2006-09-28 21:31:29

to me /sbin and /usr/sbin should not be in PATH, those binaries are so crucial you might want to be sure you run the correct one ! but I know it's OTT.

On a desktop were only trusted users have accounts, you can afford not to bother too much. On a server, take them out of your $PATH !

klapmuetz · 2006-09-29 11:06:53

How about you try to look at the benefits you gain from putting /sbin and /usr/sbin only in the PATH to root users.

Pro:
You inconvenience your user.
(Non-legitimate ones)

Contra:
You inconvenience your user.
(Legimate ones)

phrakture · 2006-09-29 15:00:42

OMG klapmuetz is back? and posting on the forums? Armageddon is coming!

codemac · 2006-09-29 15:58:44

KLAPMUETZ!!!!

Come back to t3h irc.

klapmuetz · 2006-10-02 09:17:49

I will.

But THEY fucked my Internet Connection. THEY are after me.

And check what they did to make the real-life satire complete:

They installed an Access Point with MAC-Address Whitelisting and no WEP or WPA encryption.

BUT!

They don't have any machine connected to that thing. Hence I can't see what MAC-Addresses are actually whitelisted. I cried night after night.

THEY fooled us all, especially you.

allucid · 2006-10-02 11:54:17

I have them in my path and I don't know of any adverse affects. Some commands can be partially used by users (such as ifconfig).

iphitus · 2006-10-02 13:17:25

klapmuetz wrote:

I will.
But THEY fucked my Internet Connection. THEY are after me.
And check what they did to make the real-life satire complete:
They installed an Access Point with MAC-Address Whitelisting and no WEP or WPA encryption.
BUT!
They don't have any machine connected to that thing. Hence I can't see what MAC-Addresses are actually whitelisted. I cried night after night.
THEY fooled us all, especially you.

kismet?

allucid · 2006-10-02 13:57:45

klapmuetz wrote:

They installed an Access Point with MAC-Address Whitelisting and no WEP or WPA encryption.
BUT!
They don't have any machine connected to that thing. Hence I can't see what MAC-Addresses are actually whitelisted. I cried night after night.
THEY fooled us all, especially you.

Start trying all MAC addresses sequentially. There's only 2^48.

Or try sniffing overnight.

klapmuetz · 2006-10-04 09:31:07

iphitus wrote:

kismet?

I probably didn't express myself very clearly. kismet will not help me in this situation.
If nobody is using the AP, there is no traffic.
If there is no traffic, I can not read out MAC-Addresses. Hence I can not spoof them.

allucid:
I tried several nights... I guess it's just a wlanrouter that is used as a normal router/switch combination. That's what makes the story so lame. :-P

@Topic:

Sorry for Highjacking the thread. I won't do it again. I promise. :-P

neotuli · 2006-10-05 04:48:03

I think the topic said thank you, but I'm not sure.

On another note, I don't think having sbin's in the path really makes any difference, after all... a regular user has very little power to really mess anything up, even if they are able to execute them.

Arch Linux

#1 2006-09-28 17:01:01

/etc/profile question

#2 2006-09-28 21:31:29

Re: /etc/profile question

#3 2006-09-29 11:06:53

Re: /etc/profile question

#4 2006-09-29 15:00:42

Re: /etc/profile question

#5 2006-09-29 15:58:44

Re: /etc/profile question

#6 2006-10-02 09:17:49

Re: /etc/profile question

#7 2006-10-02 11:54:17

Re: /etc/profile question

#8 2006-10-02 13:17:25

Re: /etc/profile question

#9 2006-10-02 13:57:45

Re: /etc/profile question

#10 2006-10-04 09:31:07

Re: /etc/profile question

#11 2006-10-05 04:48:03

Re: /etc/profile question

Board footer