On Thu, Nov 22, 2001 at 11:49:00AM -0800, current-digest thus spoke:

> Date: Thu, 22 Nov 2001 06:40:11 -0800 (PST)
> From: Hiten Pandya <[EMAIL PROTECTED]>
> Subject: [SUGGESTION] - disallowing shutdown after su(1)

> correct me if i am wrong.. but..
> do you think, if we denied a shutdown after an su(1)
> to root from a non-privileged user would be good...

The only user that can su to root are those in the wheel group,
so those should be considered at least semi-privledged.

> i tried this same thing at home.. i builded it and
> installed it.. works fine for me... the patch below
> will allow a shutdown only be logging into root itself
> and not by issuing an su(1) command to root.

> this would be very good, i think if someone broke into
> a normal user and was able to gain access into root
> using su... (without a password..)

This would be very bad because the only place I can login as root
is on the console of my home machine.  All the other machines
I work with are managed remotely, have no root logins, have only
ssh and no telnet, and would be impossible to manage if this were
implemented.  su to root is supposed to give a user the root 


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to