home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.unix.admin
- Path: sparky!uunet!caen!uwm.edu!ux1.cso.uiuc.edu!treincke
- From: treincke@ux1.cso.uiuc.edu (Tim Reincke)
- Subject: Re: Prevent user from editing /etc/passwd
- Message-ID: <BtAF2E.G33@ux1.cso.uiuc.edu>
- Organization: University of Illinois at Urbana
- References: <1992Aug17.131329.22491@cpp.ob.open.de>
- Date: Thu, 20 Aug 1992 15:01:12 GMT
- Lines: 36
-
- schweik@cpp.ob.open.de (Martin Schweikert) writes:
-
- >Hi!
-
- >I have a user on my SVR3 machine who knows - and must know :-( - the
- >root password.
-
- >I tried to find a method to prevent him from editing /etc/passwd. It's
- >quite difficult.
-
- >[...]
-
- >Now, my question: is there another possibility than writing a C program
- >that exec()s vi? Not that it was a problem to write such a program, but
- >I would like to keep things as simple as possible ...
-
- >Martin
-
- If I were you and had an unauthorized user who knew the root password, I would
- change the root password and send the user a strong warning against such
- activity. If the user knew the root password and was messing around with
- important system files (like /etc/passwd), I would suspend his account, no
- questions asked.
-
- Don't fool around with security hacks to solve the problem. The problem does
- not lie in running vi or ex, it lies in the hands of an irresponsible user
- who does not deserve access to your system.
-
- - Tim
- --
- --------------------------------------------------------------------------------
- Timothy J. Reincke | Email to: treincke@uiuc.edu
- Junior, Computer Science | Or: treincke@ux1.cso.uiuc.edu
- CCSO Resource Information Consultant |------------------------------------
- University of Illinois at Urbana-Champaign | "It's okay...I'm with the band."
- --------------------------------------------------------------------------------
-
