Re: Multiple login accounts with root privileges

[Jason <securitux () gmail com>]

SELinux, yes, another option... and a better one actually.

Good suggestion

-J

On Mon, Apr 7, 2008 at 9:35 PM, li bo <libo.swust () gmail com> wrote:
> Hi, Jason
> Just a suggestion. Try SULinux on the occasion that you have to permit root
> account to do some operation but you want to restrict other operations. See
> the documents here:
> http://fedoraproject.org/wiki/SELinux
>  http://www.nsa.gov/selinux/
>
> Good luck
> Bo
>
>
>
> On 08/04/2008, Jason <securitux () gmail com> wrote:
> > Definitely need to be restricted. In addition to what others have
> > said, if tight control is desired, most administrative functions can
> > be covered by granting permissions to run certain commands as root by
> > using sudo. You can be quite granular with sudo, and it allows you to
> > keep an audit trail of who issued what commands.
> >
> > I am not sure why you'd have 'Administrator' on the UNIX box, unless
> > there's some type of pass through authentication that an administrator
> > on a Windows box is using to access a samba share on that client or
> > vice versa.
> >
> > May also be a Windows administrator that wanted that generic Windows
> > account name to be used on the UNIX box as well to make life easier
> > for someone or for a scripted or batch job.
> >
> >
> > -J
> >
> >
> > On Mon, Apr 7, 2008 at 12:51 AM, ganesh mahadevan
> > <ganesh.was.mahadevan () gmail com> wrote:
> > > Hi,
> > >
> > >  I was testing a thin client box and found that I could login as Root,
> > >  Administrator and Admin (all with the same password).  whoami
> > >  indicated 'root' in all three cases.  Is this some sort of aliasing
> > >  going on? I may not be entirely correct on this but shouldn't the
> > >  number of users with root privileges be restricted?  What is your
> > >  advice on this issue?
> > >
> > >  Thanks in advance.
> > >
> > >  Ganesh
>
>
>
> --
> No pains,no gains.