home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!usc!rpi!think.com!barmar
- From: barmar@think.com (Barry Margolin)
- Newsgroups: comp.unix.admin
- Subject: Re: Prevent user from editing /etc/passwd
- Date: 20 Aug 1992 16:58:47 GMT
- Organization: Thinking Machines Corporation, Cambridge MA, USA
- Lines: 30
- Message-ID: <170j07INNoj3@early-bird.think.com>
- References: <1992Aug17.131329.22491@cpp.ob.open.de> <21390@rpp386.lonestar.org>
- NNTP-Posting-Host: telecaster.think.com
-
- In article <21390@rpp386.lonestar.org> jfh@rpp386.cactus.org (John F. Haugh II) writes:
- >In article <1992Aug17.131329.22491@cpp.ob.open.de> schweik@cpp.ob.open.de (Martin Schweikert) writes:
- >>I have a user on my SVR3 machine who knows - and must know :-( - the
- >>root password.
- >
- >If you know who it is, turn off their account. This will give you
- >the time to figure out how they are doing it later.
-
- I interpreted the "and must know" to mean that this user is authorized to
- know the root password. If the user is authorized to use the root
- password, that implies that he's supposed to have an account. Disabling
- his account it probably not an option.
-
- The question I have is why would someone who can't be trusted not to edit
- the passwd file be authorized to have the root password. If he needs to be
- able to do a few things that require superuser access, maybe you need
- something like "sudo", which permits you to give him a specific set of
- commands that run with root privileges.
-
- >>I tried to find a method to prevent him from editing /etc/passwd. It's
- >>quite difficult.
- >
- >chmod a-w /etc/passwd
-
- That won't work. Write access isn't checked when you're the superuser.
- --
- Barry Margolin
- System Manager, Thinking Machines Corp.
-
- barmar@think.com {uunet,harvard}!think!barmar
-
