Re: [expert] root & other security issues

Wed, 9 Feb 2000 08:44:57 -0800 

Ups! Lapsus. root UID/GID ist nat�rlich 0, nicht 1!

On Wed, 9 Feb 2000, Denis Havlik wrote:

:~>Date: Wed, 9 Feb 2000 15:03:57 +0100 (CET)
:~>From: Denis Havlik <[EMAIL PROTECTED]>
:~>Reply-To: [EMAIL PROTECTED]
:~>To: "* Mandrake Expert Mailing List (E-mail)" <[EMAIL PROTECTED]>
:~>Subject: Re: [expert] root & other security issues 
:~>
:~>:~>A few things have evaded me while grasping the major concepts of Linux
:~>:~>security (must be several years of miseducation under NT :-)
:~>:~>1) it it possible to change the username of root? Seems to be more safe when
:~>:~>under a dictionary attack
:~>
:~>No idea. I do not think it would bring any aditional security:
:~>root-account is an account which has the UID 1, and one can
:~>easily find such account by dumping the passwd.
:~>
:~>:~>2) I've implemented NIS for "domain-authentication". Would it be possible to
:~>:~>implement something like a "domain-root" account? Something similar to the
:~>:~>NT "Domain Administrator" which is automatically Administrator (super-user)
:~>:~>on a member of an NT-domain.
:~>
:~>Sure, if you do not mind the security implications. From /var/yp/Makefile:
:~>
:~># We do not put password entries with lower UIDs (the root and system #
:~>entries) in the NIS password database, for security. MINUID is the #
:~>lowest uid that will be included in the password maps. # MINGID is the
:~>lowest gid that will be included in the group maps.:
:~>MINUID=100:
:~>MINGID=80   
:~>
:~>Set it to 1, and voila! However, I do not recomend this at all.
:~>
:~>hope this helps
:~>
:~>     Denis
:~>-----------------------------------------------------
:~>Mag^H^H^HDr. Denis Havlik  <http://www.ap.univie.ac.at/users/havlik>
:~>University of Vienna    |||     e-mail: [EMAIL PROTECTED]
:~>Austria                (@ @)       tel: (++431) 4277/51179         
:~>-------------------oOO--(_)--OOo---------------------
:~>February 17-th 2000: The Linux Demo Y2k Day!!!
:~>

-----------------------------------------------------
Mag^H^H^HDr. Denis Havlik  <http://www.ap.univie.ac.at/users/havlik>
University of Vienna    |||     e-mail: [EMAIL PROTECTED]
Austria                (@ @)       tel: (++431) 4277/51179         
-------------------oOO--(_)--OOo---------------------
February 17-th 2000: The Linux Demo Y2k Day!!!

Reply via email to