Home page logo
/

basics logo Security Basics mailing list archives

Re: Multiple login accounts with root privileges
From: "li bo" <libo.swust () gmail com>
Date: Tue, 8 Apr 2008 09:39:25 +0800

Hi, Jason
Just a suggestion. Try SULinux on the occasion that you have to permit
root account to do some operation but you want to restrict other
operations. See the documents here:
http://fedoraproject.org/wiki/SELinux
http://www.nsa.gov/selinux/

Good luck
Bo

On 08/04/2008, Jason <securitux () gmail com> wrote:
Definitely need to be restricted. In addition to what others have
 said, if tight control is desired, most administrative functions can
 be covered by granting permissions to run certain commands as root by
 using sudo. You can be quite granular with sudo, and it allows you to
 keep an audit trail of who issued what commands.

 I am not sure why you'd have 'Administrator' on the UNIX box, unless
 there's some type of pass through authentication that an administrator
 on a Windows box is using to access a samba share on that client or
 vice versa.

 May also be a Windows administrator that wanted that generic Windows
 account name to be used on the UNIX box as well to make life easier
 for someone or for a scripted or batch job.


 -J


 On Mon, Apr 7, 2008 at 12:51 AM, ganesh mahadevan
 <ganesh.was.mahadevan () gmail com> wrote:
 > Hi,
 >
 >  I was testing a thin client box and found that I could login as Root,
 >  Administrator and Admin (all with the same password).  whoami
 >  indicated 'root' in all three cases.  Is this some sort of aliasing
 >  going on? I may not be entirely correct on this but shouldn't the
 >  number of users with root privileges be restricted?  What is your
 >  advice on this issue?
 >
 >  Thanks in advance.
 >
 >  Ganesh
 >



-- 
No pains,no gains.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]