I'm not saying that it's the best way to do things, but they did ask if it was possible....
It's much better to have users you trust on your box then to have ones you don't. Actually, the below is only part of the answer....there is something in the shells that can be done to ignore any executables under a user directory, for example...I've never actually done it, but I've been on servers that were set up that way. Michael -- Michael Viron Core Systems Administration Team Simple End User Linux At 01:21 PM 5/14/2002 -0700, you wrote: >Michael Viron wrote: > >> Change the group ownership on su to root:wheel . >> Next, remove execute permission from "other" on su. > >I have to say I find this option kind of puzzling. >What's the rationale exactly? Why couldn't an >opponent who knew the root pword just execute >his *own* copy of su? It seems it would have nuisance >value at best. Not that nuisance value couldn't be of >some practical use, provided the security admin doesn't >think it's a substitute for safeguarding passwords. > >Or maybe it's to prevent *inadvertant* rather than malicious >damage? Something like: People in our group might find >out the root pword and be tempted to su to quick-fix some >difficulty they're having, then they might break something >and we wouldn't know who was responsible, so we'll just >remove the temptation? I guess that makes a certain amount >of sense, but it's not terribly flattering to your coworkers. > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
