No matter what you call it, root is still UID 0 ('zero'). A cracker can simply
use 'UID 0' instead of 'root'. In other words, there is no real use in renaming
the root user.On Sun, 29 Dec 2002 01:32:45 -0800, Jim C <[EMAIL PROTECTED]> wrote: > I don't find myself particularly impressed by it then I am afraid. > Specifically I am refering to the use of a standardized name for the > group. I mean wouldn't it be better to create an admin group with a > misleading name that sounds like it is used by a program or one that > sounds like the exact opposite of what it is or perhaps one that has no > specific meaning? One might even create a fake user account for su > ownershp and put the admin users in that accounts group while > restricting that user from ever logging on. One might then also > restrict the permissions on su sufficiently that an ordinary user cannot > display who owns it. > > Michael Viron wrote: > > You can use linux to lock out "su" access to only the wheel group. > > > > The steps are: > > Change the group ownership on su to root:wheel . > > Next, remove execute permission from "other" on su. > > > > Michael > > > > -- > > Michael Viron > > Core System Administration Team > > Simple End User Linux > > > > > > At 04:03 PM 12/28/2002 -0800, you wrote: > > > >>I can tell you how it's used in BSD nix although I haven't seen it used > >>for much in Linux. In BSD only users in who's primary group is wheel > >>can su to root. All others are locked out. Groups also allow for > >>access control to files / directories etc. One just needs to edit > >>/etc/group to remove and or add a user to a group and give/remove > >>access. > >> > >>James > >> > >> > >>On Sat, 2002-12-28 at 13:39, Jim C wrote: > >> > >>>My understanding is that there is a group called "wheel" that allows a > >>>user to have administrative privileges. I remember trying to get it to > >>>work some time ago but I've never been successful. This may have been > >>>because of my msec setting or something but I don't know. Can anybody > >>>give me tips on it's use? -- Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/] "Never over-design. Never think "Hmm, maybe somebody would find this useful". Start from what you know people _have_ to have, and try to make that set smaller. When you can make it no smaller, you've reached one point. That's a good point to start from - use that for some real implementation." -- Linus Torvalds
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
