openssh ignores locked account using public key authentication

Andrew McNabb amcnabb at mcnabbs.org
Tue Oct 4 15:15:47 MDT 2005


On Tue, Oct 04, 2005 at 03:05:00PM -0600, Ross Werner wrote:
> 
> Does that work to completely lock someone out?
> 

I guess it all depends on how you define completely locking someone out.
A user can always find a world writeable directory such as /tmp and put
a setuid binary there.  Even if their account is completely deleted
(removed from /etc/passwd), they can still access any files in their
home directory as long as they can use someone else's account. :)

[back in time]

It reminds me of going over quota on an IRIX box (at least in the
1990s).  If you didn't want to delete any files, you could just chown
some of them to some other user.

-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55  8012 AB4D 6098 8826 6868
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20051004/cf4a5fa0/attachment.bin 


More information about the PLUG mailing list