|
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
With the Unix commands ps, finger, who and (for Unix SVR4) listusers, information can be obtained about a user (e.g. method of working). Consideration should be given as to whether or not every user should be allowed to execute these commands (data privacy, unauthorised disclosure of log-in names, and the like). In case of doubt, access to these commands should be restricted.
When commands are invoked, no sensitive information, e.g. a password, should be entered as a parameter, as other users could view this entry with ps.
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: Januar 2000 |