openssh ignores locked account using public key authentication
amcnabb at mcnabbs.org
Tue Oct 4 15:15:47 MDT 2005
On Tue, Oct 04, 2005 at 03:05:00PM -0600, Ross Werner wrote:
> Does that work to completely lock someone out?
I guess it all depends on how you define completely locking someone out.
A user can always find a world writeable directory such as /tmp and put
a setuid binary there. Even if their account is completely deleted
(removed from /etc/passwd), they can still access any files in their
home directory as long as they can use someone else's account. :)
[back in time]
It reminds me of going over quota on an IRIX box (at least in the
1990s). If you didn't want to delete any files, you could just chown
some of them to some other user.
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 186 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20051004/cf4a5fa0/attachment.bin
More information about the PLUG