James Sparenberg grabbed a keyboard and wrote:
>
> On Sat, 2002-10-05 at 14:52, Toshiro wrote:
> >
> > What's the point in doing that way? When you use ssh, the communication
> > is encrypted. I don't see the advantage of ssh as a normal user first.
>
> From having had it save my buns... Big advantage is that you know who
> su'd to root. I had a boy genius who "discovered" root from one of my
> employee's logged in su'd and made some changes he wanted ... ie opening
> up some ports for a file sharing software that he wanted to use company
> bandwidth for. The only reason we caught it was because of the su...
> now granted this has been a couple of years but it does illustrate a
> use. (One reason I like the BSD style su over linux) The advantage....
> paper trail so to speak.
BTW, if you haven't already seen it, Vince wrote an exellent piece on the
Mandrake Security site regarding a way of locking up su. Basically, you
remove the suid bit from /bin/su, which makes it impossible for someone who
knows the root password from su'ing to root (since it has to run with root
privs to do its thing). Then you set up the people that you want to have
access in the /etc/sudoers file and let *them* access root. They would
then use the command "sudo su" to switch. The downside is that if one of
those people have their password compromised, then someone will have access
to root if they know about it and are accessing the compromised account.
The upside is that the action *will* be logged, so you'll at least know it
happened. It's a thought, anyway.
--Dave
--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server
for PGP Public key
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
