Oh you can... BUT if the admin user is UID 0 then admin == root if the
admin user != root and != UID 0 then the admin user doesn't have full
root ability... unless you stand on your head with permissions.
James
On Sun, 2002-12-29 at 13:00, Jim C wrote:
> Really? I mean if you create an admin user can't you then restrict root
> from ever logging on?
>
> Sridhar Dhanapalan wrote:
> > No matter what you call it, root is still UID 0 ('zero'). A cracker can simply
> > use 'UID 0' instead of 'root'. In other words, there is no real use in renaming
> > the root user.
> >
> >
> > On Sun, 29 Dec 2002 01:32:45 -0800, Jim C <[EMAIL PROTECTED]> wrote:
> >
> >>I don't find myself particularly impressed by it then I am afraid.
> >>Specifically I am refering to the use of a standardized name for the
> >>group. I mean wouldn't it be better to create an admin group with a
> >>misleading name that sounds like it is used by a program or one that
> >>sounds like the exact opposite of what it is or perhaps one that has no
> >>specific meaning? One might even create a fake user account for su
> >>ownershp and put the admin users in that accounts group while
> >>restricting that user from ever logging on. One might then also
> >>restrict the permissions on su sufficiently that an ordinary user cannot
> >>display who owns it.
> >>
> >>Michael Viron wrote:
> >>
> >>>You can use linux to lock out "su" access to only the wheel group.
> >>>
> >>>The steps are:
> >>>Change the group ownership on su to root:wheel .
> >>>Next, remove execute permission from "other" on su.
> >>>
> >>>Michael
> >>>
> >>>--
> >>>Michael Viron
> >>>Core System Administration Team
> >>>Simple End User Linux
> >>>
> >>>
> >>>At 04:03 PM 12/28/2002 -0800, you wrote:
> >>>
> >>>
> >>>>I can tell you how it's used in BSD nix although I haven't seen it used
> >>>>for much in Linux. In BSD only users in who's primary group is wheel
> >>>>can su to root. All others are locked out. Groups also allow for
> >>>>access control to files / directories etc. One just needs to edit
> >>>>/etc/group to remove and or add a user to a group and give/remove
> >>>>access.
> >>>>
> >>>>James
> >>>>
> >>>>
> >>>>On Sat, 2002-12-28 at 13:39, Jim C wrote:
> >>>>
> >>>>
> >>>>>My understanding is that there is a group called "wheel" that allows a
> >>>>>user to have administrative privileges. I remember trying to get it to
> >>>>>work some time ago but I've never been successful. This may have been
> >>>>>because of my msec setting or something but I don't know. Can anybody
> >>>>>give me tips on it's use?
> >>>>
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > Want to buy your Pack or Services from MandrakeSoft?
> > Go to http://www.mandrakestore.com
>
>
>
>
>
> ______________________________________________________________________
>
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
