[762] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (G.J.W. Hagenaars)
Mon Jun 10 14:15:05 1996

From: "G.J.W. Hagenaars" <gj@canarie.ca>
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 6 Jun 1996 13:19:59 -0400 (EDT)
Cc: jsdy@cais.cais.com, jjr@zilker.net
In-Reply-To: <199606060755.AA019387709@erasmus.et.tudelft.nl> from "Rogier Wolff" at Jun 6, 96 09:55:09 am

Apparently Rogier Wolff wrote:
% 
% > There should be a small set
% > of accounts whose passwords are protected equally as well as root's,
% > that are used for maintaining the various parts of the system.
% > This would reduce immensely the number of times that it
% > would be "necessary" to be root to perform some task or other; and thus
% > the number of windows of opportunity for certain types of attack - and
% > for simple mistakes.
% 
% And in practice, the "root" account is better protected
... than all those other accounts which are a LOT easier to crack
(remember the autoreply bug?)

% So I agree with you that for a set of inexperienced administrators,
% it would be nice to have each of them only capable of creating havoc
% with only part of the system.

So you install and maintain sudo. That way you give specific root
privileges to certain programs, to be invoked by certain users only. As
an added benefit, it gives you logging too. Oh, simply getting a shell
in someone else's name doesn't work with sudo; you still need the
user's password to do something useful.

Cheers,
G.J.W. Hagenaars, M.Sc. Math ----> Remembering Mike Carty 1968-1994
gj@canarie.ca -------------------> Software Installer CANARIE Inc.
gj@nuvo.com ---------------------> UNIX System Administrator NUVO
aj247@freenet.carleton.ca -------> I'm Dutch, what's your excuse?
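
The delegation described in the message above, sketched as a sudoers fragment for a current sudo release. This is an added example, not part of the original post; the user names, alias names, command paths and log file location are all constructed assumptions.

```sudoers
# Hypothetical drop-in file: /etc/sudoers.d/delegated-admin
# Always edit with: visudo -f /etc/sudoers.d/delegated-admin
# Every user name, alias and command path here is constructed for illustration.

# Who may act: each group of administrators gets its own alias.
User_Alias  PRINT_ADMINS = alice, bob
User_Alias  MAIL_ADMINS  = carol

# What they may run as root: absolute paths, fixed arguments,
# no wildcards, and nothing that can spawn a shell or an editor.
Cmnd_Alias  PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias  MAILQ    = /usr/sbin/sendmail -bp, /usr/sbin/sendmail -q

# Logging: send every invocation to syslog and to a dedicated file.
Defaults    syslog=authpriv
Defaults    logfile=/var/log/sudo.log

# Ask for the invoking user's own password on every call, so a
# hijacked login session alone is not enough to use these rules.
Defaults    timestamp_timeout=0

# The weak form to avoid, which hands out everything root can do:
#   alice  ALL = (ALL) ALL

# The scoped form: each alias may run only its own command set as root.
PRINT_ADMINS  ALL = (root) PRINTING
MAIL_ADMINS   ALL = (root) MAILQ
```

Running `sudo -l -U alice` as root lists what a given user has been granted, which is a quick check that a rule is no broader than intended.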
