Re: [expert] What is wheel is it safe how do I use it?
James Sparenberg wrote:
> I could create 100 UID 0 users on a box... which is the same thing windows does but root ralph admin or whatever you want to call it it's still the same.. A rose by any other name kind of thing.

OK then perhaps I am making unexplained jumps in my train of thought.

> Now you can set up ssh so that you can't directly log in as root but if you remove totally the ability of root to log in (by removing its shell) and other names are UID 0 the effective change is null. You won't stop hackers... they don't su to root they su to UID 0 which is what any user has to have in order to be god. I've done this on boxes (honey-pots of sort) created a second UID 0 user named whatever it might be named. It doesn't slow anything down.. on Windows or Linux but it can be done.

I didn't mean to imply the creation of accounts with UID 0. I meant user accounts belonging to an administrative group that allows access to su command. Only the group wouldn't need to be named wheel. Actually, I am liking David Guntner's idea about using sudo instead and for the same reasons he quotes. Namely the resulting log entry.

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] What is wheel is it safe how do I use it?
I don't find myself particularly impressed by it then I am afraid. Specifically I am referring to the use of a standardized name for the group. I mean wouldn't it be better to create an admin group with a misleading name that sounds like it is used by a program or one that sounds like the exact opposite of what it is or perhaps one that has no specific meaning? One might even create a fake user account for su ownership and put the admin users in that account's group while restricting that user from ever logging on. One might then also restrict the permissions on su sufficiently that an ordinary user cannot display who owns it.

Michael Viron wrote:
> You can use linux to lock out su access to only the wheel group. The steps are: Change the group ownership on su to root:wheel. Next, remove execute permission from other on su.
>
> Michael
> --
> Michael Viron
> Core System Administration Team
> Simple End User Linux
>
> At 04:03 PM 12/28/2002 -0800, you wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.
>
> James
>
> On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?
Re: [expert] What is wheel is it safe how do I use it?
No matter what you call it, root is still UID 0 ('zero'). A cracker can simply use 'UID 0' instead of 'root'. In other words, there is no real use in renaming the root user.

On Sun, 29 Dec 2002 01:32:45 -0800, Jim C [EMAIL PROTECTED] wrote:
> I don't find myself particularly impressed by it then I am afraid. Specifically I am referring to the use of a standardized name for the group. I mean wouldn't it be better to create an admin group with a misleading name that sounds like it is used by a program or one that sounds like the exact opposite of what it is or perhaps one that has no specific meaning? One might even create a fake user account for su ownership and put the admin users in that account's group while restricting that user from ever logging on. One might then also restrict the permissions on su sufficiently that an ordinary user cannot display who owns it.
>
> Michael Viron wrote:
> You can use linux to lock out su access to only the wheel group. The steps are: Change the group ownership on su to root:wheel. Next, remove execute permission from other on su.
>
> Michael
> --
> Michael Viron
> Core System Administration Team
> Simple End User Linux
>
> At 04:03 PM 12/28/2002 -0800, you wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.
>
> James
>
> On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?

--
Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/]
Never over-design. Never think Hmm, maybe somebody would find this useful. Start from what you know people _have_ to have, and try to make that set smaller. When you can make it no smaller, you've reached one point. That's a good point to start from - use that for some real implementation.
-- Linus Torvalds
Re: [expert] What is wheel is it safe how do I use it?
Really? I mean if you create an admin user can't you then restrict root from ever logging on?

Sridhar Dhanapalan wrote:
> No matter what you call it, root is still UID 0 ('zero'). A cracker can simply use 'UID 0' instead of 'root'. In other words, there is no real use in renaming the root user.
>
> On Sun, 29 Dec 2002 01:32:45 -0800, Jim C [EMAIL PROTECTED] wrote:
> I don't find myself particularly impressed by it then I am afraid. Specifically I am referring to the use of a standardized name for the group. I mean wouldn't it be better to create an admin group with a misleading name that sounds like it is used by a program or one that sounds like the exact opposite of what it is or perhaps one that has no specific meaning? One might even create a fake user account for su ownership and put the admin users in that account's group while restricting that user from ever logging on. One might then also restrict the permissions on su sufficiently that an ordinary user cannot display who owns it.
>
> Michael Viron wrote:
> You can use linux to lock out su access to only the wheel group. The steps are: Change the group ownership on su to root:wheel. Next, remove execute permission from other on su.
>
> Michael
> --
> Michael Viron
> Core System Administration Team
> Simple End User Linux
>
> At 04:03 PM 12/28/2002 -0800, you wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.
>
> James
>
> On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?
Re: [expert] What is wheel is it safe how do I use it?
Oh you can... BUT if the admin user is UID 0 then admin == root if the admin user != root and != UID 0 then the admin user doesn't have full root ability... unless you stand on your head with permissions.

James

On Sun, 2002-12-29 at 13:00, Jim C wrote:
> Really? I mean if you create an admin user can't you then restrict root from ever logging on?
>
> Sridhar Dhanapalan wrote:
> No matter what you call it, root is still UID 0 ('zero'). A cracker can simply use 'UID 0' instead of 'root'. In other words, there is no real use in renaming the root user.
>
> On Sun, 29 Dec 2002 01:32:45 -0800, Jim C [EMAIL PROTECTED] wrote:
> I don't find myself particularly impressed by it then I am afraid. Specifically I am referring to the use of a standardized name for the group. I mean wouldn't it be better to create an admin group with a misleading name that sounds like it is used by a program or one that sounds like the exact opposite of what it is or perhaps one that has no specific meaning? One might even create a fake user account for su ownership and put the admin users in that account's group while restricting that user from ever logging on. One might then also restrict the permissions on su sufficiently that an ordinary user cannot display who owns it.
>
> Michael Viron wrote:
> You can use linux to lock out su access to only the wheel group. The steps are: Change the group ownership on su to root:wheel. Next, remove execute permission from other on su.
>
> Michael
> --
> Michael Viron
> Core System Administration Team
> Simple End User Linux
>
> At 04:03 PM 12/28/2002 -0800, you wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.
>
> James
>
> On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?
Re: [expert] What is wheel is it safe how do I use it?
Well what about the su command? Can't you get full root access with it? I mean at least as much as anyone would need.

Here is the thing. On a Windows XP system you can designate administrative users. When the system detects that there are administrative users available it automatically disables the Administrator account (i.e. you can no longer logon as same). The reverse is true also. When you remove all of the administrative users you'll notice that the Administrator account is enabled. The advantage of this should be that it makes it harder to guess which accounts are administrative making it much more difficult to automate such activities.

Is it not true then that in the same manner one might fix it so that root can't logon while specifying admin users by using a group in the same style as wheel (i.e. limit access to the su command), only that in using a group name that is something other than wheel you make it more difficult?

James Sparenberg wrote:
> Oh you can... BUT if the admin user is UID 0 then admin == root if the admin user != root and != UID 0 then the admin user doesn't have full root ability... unless you stand on your head with permissions.
>
> James
>
> On Sun, 2002-12-29 at 13:00, Jim C wrote:
Re: [expert] What is wheel is it safe how do I use it?
I could create 100 UID 0 users on a box... which is the same thing windows does but root ralph admin or whatever you want to call it it's still the same.. A rose by any other name kind of thing.

Now you can set up ssh so that you can't directly log in as root but if you remove totally the ability of root to log in (by removing its shell) and other names are UID 0 the effective change is null. You won't stop hackers... they don't su to root they su to UID 0 which is what any user has to have in order to be god. I've done this on boxes (honey-pots of sort) created a second UID 0 user named whatever it might be named. It doesn't slow anything down.. on Windows or Linux but it can be done.

James

On Sun, 2002-12-29 at 14:49, Jim C wrote:
> Well what about the su command? Can't you get full root access with it? I mean at least as much as anyone would need.
>
> Here is the thing. On a Windows XP system you can designate administrative users. When the system detects that there are administrative users available it automatically disables the Administrator account (i.e. you can no longer logon as same). The reverse is true also. When you remove all of the administrative users you'll notice that the Administrator account is enabled. The advantage of this should be that it makes it harder to guess which accounts are administrative making it much more difficult to automate such activities.
>
> Is it not true then that in the same manner one might fix it so that root can't logon while specifying admin users by using a group in the same style as wheel (i.e. limit access to the su command), only that in using a group name that is something other than wheel you make it more difficult?
>
> James Sparenberg wrote:
> Oh you can... BUT if the admin user is UID 0 then admin == root if the admin user != root and != UID 0 then the admin user doesn't have full root ability... unless you stand on your head with permissions.
>
> James
>
> On Sun, 2002-12-29 at 13:00, Jim C wrote:
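
The message above argues that the account name is irrelevant and only UID 0 matters, which a defender can check directly. The following is an added example, not part of the original thread: a shell audit over a passwd-format file, where the sample file and its account names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a passwd(5)-format file for
# superuser accounts by UID rather than by name.

# Constructed sample: root's shell has been removed, but a second UID-0
# account ("ralph", a name used in the thread) still has a login shell.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ralph:x:0:0:second superuser:/home/ralph:/bin/bash
jim:x:501:501:Jim:/home/jim:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/false
EOF
}

# uid0_accounts FILE
# Print the name of every account whose UID field is 0, whatever it is called.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"
}

# uid0_with_shell FILE
# Print UID-0 accounts that can still get a shell. An empty shell field
# means the system default shell, so it counts as login-capable.
uid0_with_shell() {
    awk -F: '$3 ~ /^0+$/ && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# audit_uid0 FILE
# Succeed only if root is the sole UID-0 account; otherwise name the extras.
audit_uid0() {
    extra=$(uid0_accounts "$1" | grep -vx root | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "extra UID 0 accounts: $extra"
        return 1
    fi
    echo "only root has UID 0"
}

# Usage on a live system:
#   audit_uid0 /etc/passwd
#   uid0_with_shell /etc/passwd
```

On the constructed sample, root no longer has a shell, yet `uid0_with_shell` still reports `ralph`, which is the "effective change is null" case from the message.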
Re: [expert] What is 'wheel' is it safe how do I use it?
Jim C said:
> Really? I mean if you create an admin user can't you then restrict root from ever logging on?

What do you mean by create an admin user? Root is root. For some things, you've *got* to be root to make them work.

As to restricting root login, that's easy. Your sshd config file has an option called PermitRootLogin (or something similar). Set that to no, and a direct root login will fail, even if they get the password right.

For myself, I only allow members of group wheel to be able to su to root once they've logged in. That way, if someone takes advantage of some exploit in the web server to end up in a shell as the apache user (as an example), they can try su'ing all day and even if they were to already know the root password, they wouldn't be able to get in.

sudo is your friend. :-)

Someone else mentioned simply setting /bin/su to group and owner executable with permissions turned off for other, and then making it part of group wheel to do this, but I like limiting it to using sudo - that way, I've got a log entry of who did it and when. Not that I distrust any user that I would give root access to (if I did, they wouldn't get it :), but it's always nice to know when someone does something like that.

--Dave
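
The two restrictions described in the message above (su limited to one group, and PermitRootLogin set to no) can be verified rather than assumed. This is an added example, not part of the original thread; the sample sshd_config is constructed and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): verify the su and sshd restrictions
# described above instead of assuming they are in place.

# Constructed sample sshd_config. sshd uses the first value it obtains for
# a keyword, so the later "yes" line has no effect.
sample_sshd_config() {
cat <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
EOF
}

# su_restricted FILE GROUP
# Succeeds only if FILE is group-owned by GROUP and "other" has no execute
# permission, i.e. the state left by: chgrp GROUP FILE; chmod o-x FILE
su_restricted() {
    perms=$(ls -ldL "$1" | awk '{ print $1 }')
    group=$(ls -ldL "$1" | awk '{ print $4 }')
    if [ "$group" != "$2" ]; then
        echo "$1: group is $group, expected $2"
        return 1
    fi
    # Character 10 of the mode string is the execute slot for "other".
    case $(printf '%s' "$perms" | cut -c10) in
        x|t) echo "$1: still executable by other ($perms)"; return 1 ;;
    esac
    echo "$1: limited to owner and group $2 ($perms)"
}

# permit_root_login FILE
# Print the effective global PermitRootLogin value, or "unset" when the
# file leaves it to sshd's built-in default. Parsing stops at the first
# Match block, whose settings are conditional.
permit_root_login() {
    awk '{ sub(/^[ \t]+/, ""); split($0, a, /[ \t=]+/); key = tolower(a[1]) }
         key == "match" { exit }
         key == "permitrootlogin" { print tolower(a[2]); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Usage on a live system (paths are assumptions; adjust to the host):
#   su_restricted /bin/su wheel
#   permit_root_login /etc/ssh/sshd_config
```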
Re: [expert] What is wheel is it safe how do I use it?
I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.

James

On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?
Re: [expert] What is wheel is it safe how do I use it?
According to http://www.mandrakesecure.net/en/docs/msec.php, the wheel group only appears to be active in msec level 5 (Paranoid).

On 28 Dec 2002 16:03:02 -0800, James Sparenberg [EMAIL PROTECTED] wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.
>
> James
>
> On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?

--
Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/]
Nothing would please me more than being able to hire ten programmers and deluge the hobby market with good software.
-- Bill Gates, 'An Open Letter to Hobbyists', 1976-02-03
Re: [expert] What is wheel is it safe how do I use it?
You can use linux to lock out su access to only the wheel group. The steps are: Change the group ownership on su to root:wheel. Next, remove execute permission from other on su.

Michael
--
Michael Viron
Core System Administration Team
Simple End User Linux

At 04:03 PM 12/28/2002 -0800, you wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.
>
> James
>
> On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?
Re: [expert] What is wheel is it safe how do I use it?
You are correct... but it still leaves a lot of the other features from BSD missing, or if they do exist in Linux not working quite the same.. Don't misunderstand I'm not complaining... just noting the difference

James

On Sat, 2002-12-28 at 19:47, Michael Viron wrote:
> You can use linux to lock out su access to only the wheel group. The steps are: Change the group ownership on su to root:wheel. Next, remove execute permission from other on su.
>
> Michael
> --
> Michael Viron
> Core System Administration Team
> Simple End User Linux
>
> At 04:03 PM 12/28/2002 -0800, you wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used for much in Linux. In BSD only users whose primary group is wheel can su to root. All others are locked out. Groups also allow for access control to files / directories etc. One just needs to edit /etc/group to remove and or add a user to a group and give/remove access.
>
> James
>
> On Sat, 2002-12-28 at 13:39, Jim C wrote:
> My understanding is that there is a group called wheel that allows a user to have administrative privileges. I remember trying to get it to work some time ago but I've never been successful. This may have been because of my msec setting or something but I don't know. Can anybody give me tips on its use?