Category: Access Control » user privileges

runsuid
Added 2001-10-22
runsuid runs a script with another user-id/group-id, when the user has the right to do so according to the configuration file. If used in the right combination with access restrictions this can ease the life of system administrators. Additionally, it can be used for running CGI scripts as different fixed users.

NTsu 2.5
Added 2001-10-22
NTsu is a software utility for Windows NT and is especially useful for administrators. NTsu enables interactive multiuser impersonation, multidesktop capabilities, and self-impersonation files on Windows NT. NTsu allows you to run programs in the security context of any user in your system or domain without logoff and relogon. NTsu also allows you to have multiple desktops for different users simultaneously, and you can easily switch from one to another. With NTsu shell extensions you can define and execute self-impersonated files that work like SUID Unix files. NTsu is UNICODE.

Sudo
Added 2001-10-22
Sudo is a utility that allows administrators to give users limited access to root privileges, and to log activity associated with the use of sudo. This allows for giving people the access they need, without the need to give full root access.

ACUA
Added 2001-10-22
ACUA is a software package designed to facilitate the administration of user accounts and the enforcement of access restrictions on a Linux system. ACUA is most often used on systems that host modem pools such as ISPs, BBSs, School Dial-Ups and Business Dial-Ups. However, if you have a close look at ACUA you'll find that you don't need to have a modem pool to make use of it.

Chown
Added 2001-10-22
CHOWN.ZIP is a GUI NT equivalent to the UNIX tool. Microsoft claims that the ownership process of NTFS file objects in NT is a two-part process, requiring that the user possess the right to take ownership (granted by the original object's owner/admin), then forcing them to execute the ownership right. This is to protect object ownership from "Rogue Administrators". This two-part ownership process is undesirable for administrators, who would prefer to just "give" ownership of file/directory objects to a particular user or group. This tool was written to show that the Owner ACL of a file/directory object can be overwritten with a modified replica Security Descriptor and elevated use of the SeRestorePrivilege (Tested to NT SP6). Source Code included with EXE.

WinSCP
Added 2001-10-22
WinSCP can do all basic operations with files, such as copying and moving (to and from a remote computer). It also allows you to rename files and folders (on both remote and local computer), create new folders (on both remote and local computer), change access rights (only on remote computer) and change groups (only on remote computer).

symlink
Added 2001-10-22
Dynamic symbolic links are symlinks that do not point to a fixed location. A normal symbolic link refers to the particular location you point it at. If you do:

    # ln -s tmp /mytmp

then when you access /mytmp, you will be pointed at /tmp. Dynamic symlinks, on the other hand, take as the "file" to point to, a more complex specification, and may actually point to several different files, depending on the environment of who is accessing them. So, for example, you may have a symlink which points to /tmp if root is following it, or /nonroottmp if another user is following it, like this:

    # ln -s ///root/=tmp=nonroottmp /mytmp

Now when a root process accesses /mytmp, it will be directed to /tmp, but if a non-root process does the same thing, it will go to /nonroottmp. This is done dynamically in the kernel, so that the same symlink can point to different locations simultaneously, if accessed by two different users. Some dynamic symlink types will also create the target if it is not already there. This can be useful in types such as the uid type where the name of the destination may be different for each user accessing it.

Sentinel Security Toolkit
Added 2001-10-22
Sentinel is a fast file scanner similar to Tripwire or Viper with built-in authentication using the RIPEMD 160-bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database. Disclaimer: this is not a security toolkit. It is a single-purpose file/drive scanning program. Available versions are for Linux (tested on all current Slackware and RedHat releases), with Irix versions soon to be added.

Qmail alternative checkpassword suite
Added 2001-10-22
This package contains an alternative "checkpassword" program for the Qmail POP server. Authentication is done with its own /etc/passwd-style database, in a file called "/etc/poppasswd". That file maps POP logins to the path where their mails are stored, and the real UID the server should fetch them as. Logins can be different from system ones. Passwords can differ, too. All POP accounts can run under a single UID. This is an enhanced release of my good ol' "checklocalpwd.c" file. The package contains some documentation, a script for easy installation, a program to create an initial database, and another program to easily update passwords.

Pseudo
Added 2001-10-22
Pseudo is a drag-and-drop application that allows you to launch other applications in the OSX Desktop as the System Administrator or 'root'.