home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.sys.sgi
- Path: sparky!uunet!ukma!darwin.sura.net!zaphod.mps.ohio-state.edu!uunet.ca!geac!alias!chk
- From: chk@alias.com (C. Harald Koch)
- Subject: Re: restricing root logins
- Message-ID: <1992Nov12.152556.27730@alias.com>
- Sender: news@alias.com (News Owner)
- Organization: Alias Research, Inc., Toronto ON Canada
- References: <1992Nov10.000731.2740@alias.com> <1992Nov10.134956.525@epas.toronto.edu> <s6mae5g@rhyolite.wpd.sgi.com>
- Date: Thu, 12 Nov 1992 15:25:56 GMT
- Lines: 26
-
- In <s6mae5g@rhyolite.wpd.sgi.com> vjs@rhyolite.wpd.sgi.com (Vernon Schryver) writes:
-
- > In <1992Nov10.134956.525@epas.toronto.edu> adam@epas.utoronto.ca (Adam Iles) writes:
- >> If you are willing to give root or restricted accounts a special shell
- >> (which could be a symbolic link to a standard shell) you could create
- >> /etc/dialups and /etc/d_passwd files to put an invalid password on all
- >> the "unsecure ttys." The information on these files is in the login(1)
- >> man page.
-
- What a great idea! We already have dialup passwords on the modems, but this
- never occurred to me. Thanks, Adam!
-
- >Unfortunately, neither solution keeps someone on a different tty
- >from using `su`.
-
- This is acceptable to us for now; We just want our "roots" to login as
- themselves before su-ing. That way, we have some idea of who made a change,
- rebooted a computer, etc.
-
- Thanks, and keep those cards coming!
-
- --
- "What is life?" "A rich | C. Harald Koch Alias Research, Inc. Toronto, ON
- tapestry when learning from | chk@alias.com (work-related mail)
- a Master like you, sir!" | chk@gpu.utcs.utoronto.ca (permanent address)
- "You pass!" -Purolator ad | VE3TLA@VE3OY.#SCON.ON.CA.NA (AMPRNet)
-