Professional Web Applications Themes

Disabled Shell Access? - Mac Applications & Software

In article <vi0vprg03jg60corp.supernews.com>, Gene Tolli <geeteecharter.net> wrote: >I recently upgraded from OS9.2.2 to Jaguar, and so far I've been very >pleased with the new OS. I've been using the Sams TYS OSX book to help >with the transition. > >Tonight I was working through Chapter 23: Security Considerations. The >authors recommend disabling shell access for non-admin accounts using >the following scheme: > >1. Open a Terminal window. >2. Type cd /bin [return] >3. Type sudo chmod o-x *sh [return] >4. Close the Terminal window. > >I was logged in as admin, and typed "logout" before quitting Terminal. > >My problem: ...

  1. #1

    Default Re: Disabled Shell Access?

    In article <vi0vprg03jg60corp.supernews.com>,
    Gene Tolli <geeteecharter.net> wrote:
    >I recently upgraded from OS9.2.2 to Jaguar, and so far I've been very
    >pleased with the new OS. I've been using the Sams TYS OSX book to help
    >with the transition.
    >
    >Tonight I was working through Chapter 23: Security Considerations. The
    >authors recommend disabling shell access for non-admin accounts using
    >the following scheme:
    >
    >1. Open a Terminal window.
    >2. Type cd /bin [return]
    >3. Type sudo chmod o-x *sh [return]
    >4. Close the Terminal window.
    >
    >I was logged in as admin, and typed "logout" before quitting Terminal.
    >
    >My problem: now I don't seem able to access the command line from *any*
    >account, even as admin. The Terminal window has the heading "Command
    >Completed", and contains the message:
    >
    >[Process exited - exit code 101]
    >
    >I can't type anything, all I get is an error chime.
    >
    >Could anyone explain what I've done, and - if possible - how I might
    >undo it?
    >
    >Thanks in advance.
    You've made it so only user 'root' or a member of of the group 'wheel'
    can execute a shell. No shell means no login. I don't know why you'd
    want to do such a thing when the Sharing control panel lets you turn off
    remote logins.

    Reboot while holding down Option-S. Type:

    cd /bin
    chmod o+x *sh
    logout

    That will undo what you did. Repairing permissions with Disk Utility
    might do the trick too.
    Kevin McMurtrie Guest

  2. #2

    Default Re: Disabled Shell Access?

    On Thu, 24 Jul 2003 19:52:10 -0500, Gene Tolli wrote: 
     
     
     
     
     
     
     

    Launch NetInfo Manager and authenticate as an administrator.

    Select "Enable Root User" from the Security menu. Enter a root password
    when asked.

    Under "System Preferences" select "Accounts". While you're there, you
    might uncheck the box marked "Log in automatically as ...", but I think
    this step is not really necessary.

    Still under "Accounts", click on the "Login Options" tab and click to
    Display Login Window as: Name and Password.

    Under the Apple Menu select "Log Out".

    When the Login window appears, type "root" as the login name and enter
    the password you chose.

    In a Terminal window, type "chmod o+x /bin/*sh".

    Log out. (Using the Apple menu, not the Terminal command line).

    Log in on the Admin Account.

    Launch NetInfo Manager, authenticate as an administrator, and select
    "Disable Root User" from the Security menu. Ordinarily, you can rely on
    "sudo" to carry out all your administrative tasks, but this is a rare
    exception. From an admin account, you need to get an executable shell in
    order to use the "sudo" command in the first place, and you made all your
    shells non-executable except by "root" or a member of the "wheel" group
    (and by default, the only member of the "wheel" group is root).

    Finally, get rid of that book.

    --
    Dave Seaman
    Judge Yohn's mistakes revealed in Mumia Abu-Jamal ruling.
    <http://www.commoncouragepress.com/index.cfm?action=book&bookid=228>
    Dave Guest

  3. #3

    Default Re: Disabled Shell Access?

    In article <supernews.com>,
    Gene Tolli <net> wrote: 

    Well, that SHOULD have worked. It's a really dumb "security" measure,
    but it still should have worked.

    Go to the Finder and "Go To Folder" /bin. Find the 'tcsh' file and
    change its owner to you. Start a Terminal; you should get a shell.
    Now

    type cd /bin
    type sudo chmod o+x *sh
    type sudo chown root tcsh

    --
    Matthew T. Russotto net
    "Extremism in defense of liberty is no vice, and moderation in pursuit
    of justice is no virtue." But extreme restriction of liberty in pursuit of
    a modi of security is a very expensive vice.
    Matthew Guest

  4. #4

    Default Re: Disabled Shell Access?

    << >My problem: now I don't seem able to access the command line from *any* 

    Well, that SHOULD have worked. It's a really dumb "security" measure,
    but it still should have worked. >><BR><BR>


    It did. Now the system is safe from someone who doesn't know what they are
    doing.
    GrapeApe Guest

Similar Threads

  1. #39513 [NEW]: URL file-access is disabled when allow_url_fopen = On
    By scott at html dot info in forum PHP Bugs
    Replies: 2
    Last Post: November 14th, 06:49 PM
  2. Help! Contribute has disabled access to my websites
    By shirleygoodwin in forum Macromedia Contribute General Discussion
    Replies: 1
    Last Post: February 21st, 12:26 PM
  3. [PHP] session_start() || shell access problem......
    By Cf High in forum PHP Development
    Replies: 6
    Last Post: September 21st, 05:36 PM
  4. Replies: 0
    Last Post: August 22nd, 10:37 PM
  5. 7/17 "Security Patches" disabled my network access
    By John Fitzmaurice in forum Windows Networking
    Replies: 1
    Last Post: July 17th, 04:28 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139