James Sparenberg wrote:
I could create 100 UID 0 users on a box... which is the same thing
OK then perhaps I am makeing unexplained jumps in my train of thought.
windows does but root ralph admin or whatever you want to call it
it's still the same.. A rose by any other name kind of thing.
Jim C said:
>
> Really? I mean if you create an admin user can't you then restrict root
> from ever logging on?
What do you mean by "create an admin user?"
Root is root. For some things, you've *got* to be root to make them work.
As to restricting root login, that's easy. Your sshd config fi
I could create 100 UID 0 users on a box... which is the same thing
windows does but root ralph admin or whatever you want to call it
it's still the same.. A rose by any other name kind of thing. Now you
can set up ssh so that you can't directly log is as root but if you
remove totally the abil
Well what about the su command? Can't you get full root access with it?
I mean at least as much as anyone would need.
Here is the thing. On a Windows XP system you can desginate
administrative users. When the system detetects that there are
administrative users available it automatically disa
Oh you can... BUT if the admin user is UID 0 then admin == root if the
admin user != root and != UID 0 then the admin user doesn't have full
root ability... unless you stand on your head with permissions.
James
On Sun, 2002-12-29 at 13:00, Jim C wrote:
> Really? I mean if you create an admin u
Really? I mean if you create an admin user can't you then restrict root
from ever logging on?
Sridhar Dhanapalan wrote:
No matter what you call it, root is still UID 0 ('zero'). A cracker can simply
use 'UID 0' instead of 'root'. In other words, there is no real use in renaming
the root user.
No matter what you call it, root is still UID 0 ('zero'). A cracker can simply
use 'UID 0' instead of 'root'. In other words, there is no real use in renaming
the root user.
On Sun, 29 Dec 2002 01:32:45 -0800, Jim C <[EMAIL PROTECTED]> wrote:
> I don't find myself particularly impressed by it the
I don't find myself particularly impressed by it then I am afraid.
Specifically I am refering to the use of a standardized name for the
group. I mean wouldn't it be better to create an admin group with a
misleading name that sounds like it is used by a program or one that
sounds like the exact
You are correct... but it still leaves a lot of the other features from
BSD missing. or if they do exist in Linux not working quite the
same.. Don't misunderstand I'm not complaining... just noteing the
difference
James
On Sat, 2002-12-28 at 19:47, Michael Viron wrote:
> You can use lin
You can use linux to lock out "su" access to only the wheel group.
The steps are:
Change the group ownership on su to root:wheel .
Next, remove execute permission from "other" on su.
Michael
--
Michael Viron
Core System Administration Team
Simple End User Linux
At 04:03 PM 12/28/2002 -0800, yo
According to http://www.mandrakesecure.net/en/docs/msec.php, the wheel group
only appears to be active in msec level 5 ("Paranoid").
On 28 Dec 2002 16:03:02 -0800, James Sparenberg <[EMAIL PROTECTED]> wrote:
> I can tell you how it's used in BSD nix although I haven't seen it used
> for much in L
I can tell you how it's used in BSD nix although I haven't seen it used
for much in Linux. In BSD only users in who's primary group is wheel
can su to root. All others are locked out. Groups also allow for
access control to files / directories etc. One just needs to edit
/etc/group to remove an
12 matches
Mail list logo
