I could create 100 UID 0 users on a box... which is the same thing
Windows does.... but root, ralph, admin or whatever you want to call it,
it's still the same.. A rose by any other name kind of thing.  Now you
can set up ssh so that you can't directly log in as root but if you
remove totally the ability of root to log in (by removing its shell)
and other names are UID 0 the effective change is null.... You won't
stop hackers... they don't su to root, they su to UID 0 which is what any
user has to have in order to be god.   I've done this on boxes....
(honey-pots of sorts) created a second UID 0 user named whatever it might
be named.  It doesn't slow anything down.. on Windows or Linux.... but
.... It can be done.

James


On Sun, 2002-12-29 at 14:49, Jim C wrote:
> Well what about the su command?  Can't you get full root access with it?
> I mean at least as much as anyone would need.
> 
> Here is the thing.  On a Windows XP system you can designate 
> administrative users.  When the system detects that there are 
> administrative users available it automatically disables the 
> "Administrator" account (i.e. you can no longer logon as same).  The 
> reverse is true also.  When you remove all of the administrative users 
> you'll notice that the "Administrator" account is enabled.  The 
> advantage of this should be that it makes it harder to guess which 
> accounts are administrative, making it much more difficult to automate 
> such activities.
> 
> Is it not true then that in the same manner one might fix it so that 
> root can't logon while specifying admin users by using a group in the 
> same style as wheel (i.e. limit access to the su command), only that in 
> using a group name that is something other than "wheel" you make it more 
> difficult?
> 
> James Sparenberg wrote:
> > Oh you can... BUT if the admin user is UID 0 then admin == root if the
> > admin user != root and != UID 0  then the admin user doesn't have full
> > root ability... unless you stand on your head with permissions.
> > 
> > James
> > 
> > 
> > On Sun, 2002-12-29 at 13:00, Jim C wrote:
> > 
> 
> 
> 
> 
> ______________________________________________________________________
> 
> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com
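
An audit check for the situation this thread discusses, added here as an example and not part of any poster's message: it lists every UID 0 entry in a passwd-format file by UID rather than by name, and counts how many still have a usable login shell. The sample entries, including the account name `ralph`, are constructed for illustration.

```shell
#!/bin/sh
# Added example: find superuser accounts by UID, not by name.

# Print "name shell status" for each entry whose UID field is 0.
# $1: path to a passwd-format file (defaults to /etc/passwd).
uid0_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }                 # skip comments and malformed entries
        $3 ~ /^0+$/ {
            shell = ($7 == "") ? "/bin/sh" : $7 # an empty shell field means /bin/sh
            status = (shell ~ /\/(nologin|false)$/) ? "no-login" : "login"
            print $1, shell, status
        }
    ' "${1:-/etc/passwd}"
}

# Count the UID 0 accounts that can still log in interactively.
uid0_login_count() {
    uid0_accounts "$1" | awk '$3 == "login" { n++ } END { print n + 0 }'
}

# Constructed sample: root has had its shell removed, but a second
# UID 0 account under another name still has one.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ralph:x:0:0:second superuser:/home/ralph:/bin/bash
jim:x:501:501:Jim:/home/jim:/bin/bash
EOF
}

tmp=$(mktemp)
sample_passwd > "$tmp"
uid0_accounts "$tmp"
echo "UID 0 accounts with a login shell: $(uid0_login_count "$tmp")"
rm -f "$tmp"
```

Called with no argument, `uid0_accounts` reads `/etc/passwd`; accounts served from NIS or LDAP are not in that file and need the same check against `getent passwd` output.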

