All Questions
Tagged with access-control security
29 questions
3 votes
1 answer
813 views
What effect has "+:ALL:cron crond" in /etc/security/access.conf?
I am refining our rules in /etc/security/access.conf. I found the following rule and I am not sure what it is used for: +:ALL:cron crond According to the man page of access.conf it means something ...
0 votes
1 answer
4k views
Restrict user to switch to root user but have all commands to execute
I want to allow a user to execute all commands that a root user can, except switching to the root user. So I added the following in the sudoers file in centos7/redhat7: guest ALL=(ALL:ALL) NOPASSWD: ALL,!/...
0 votes
0 answers
209 views
SSH Restrict User Access
When I ssh into the machine as webmaster I ssh into the correct chroot directory var/www/domainname/public_html but I can still access the entire filesystem. I have changed the home ssh directory of ...
3 votes
0 answers
367 views
AWS - Stack creation - How to assign an inline policy to adhoc user?
Background: With cross account role someaccountrole, I have access to aws account xyz. Case 1 To create a stack in account xyz, we upload the CloudFormation file through console. Amidst stack ...
14 votes
1 answer
6k views
Restrict local port access to a specific user
I'm trying to restrict access to a particular port for a particular user on my Debian. Let's say user's id is 1000 and port I would like to block is 5000. I tried using iptables with the following ...
0 votes
1 answer
46 views
Who has previously accessed a shared file?
I just discovered a mistake in the permissions setting of our system. It's kind of serious because it allows normal users to access something they shouldn't see. Currently the mistake has been fixed, ...
2 votes
1 answer
642 views
Isolate/prevent files from being accessed by untrusted processes
Goal To defend against malware (or even compromised open source libraries) that would scan the filesystem and exfiltrate data. Question I have a certain path in my filesystem that I want only a ...
0 votes
1 answer
223 views
Give program access to only directories below cwd
Say I run a program like so: cd foo && program x y z How can I give program access to only the directories in foo and below? Pretend my fs looks like: $HOME/ foo/ bar/ baz/ if I run ...
0 votes
0 answers
695 views
(AppArmor) Does allowing a confined program to execute another binary unconfined ruin security?
I have recently tried to get to know SELinux and AppArmor and then decided to use AppArmor for its simplicity. I started writing some profiles using aa-genprof and aa-logprof but big programs like ...
0 votes
1 answer
114 views
Running unknown apps securely
What would be the fastest way to run unknown scripts and apps in *nix environments? For example, to forbid writing and reading outside the working directory. Or to restrict access to hardware and ...
1 vote
0 answers
62 views
How to install remote public X server without compromising machine running it?
I currently have headless rsyslog/network monitoring server which is kind of critical in terms of security and access control. On the other hand this machine stays relatively close to presentation ...
1 vote
1 answer
835 views
Is it MAC or DAC
I am having trouble seeing the utility or use of the LSM attribute/caps implementations. I've put together a pseudo code snippet of sorts to try to express my concern and question. It's modeled ...
12 votes
2 answers
21k views
Can users in a group access a file that is in another user's home directory?
I have 3 users A,B and C inside a group 'admin'. I have another user 'D' in whose home directory, there is a project folder. I have made D as the owner of that folder and assigned 'admin' as the group ...
2 votes
1 answer
6k views
How can I tell if someone has connected to my machine remotely?
One thing I have found very disappointing in computing is the lack of notification when someone connects to your computer. I do a lot of remote work and when I connect to another's machine they get no ...
16 votes
3 answers
13k views
Is it a good practice to run a daemon under a non-root user account?
I've developed an application that uses NTP to change the network time, to sync two of my computers. It runs as root, since only the latter is allowed to change the time and date on Linux (I guess). ...