James Melin wrote:
> Hello List!
>
> I've been wondering how one might prevent SSH logon to root, and still have the
> ability to logon at the console logon presented to the VM guest ID.
>
> We've implemented sudo quite effectively, but we're not sure how to lock down
> direct SSH root logon and if it would actually have any impact against
> console logon which we would want to keep in case of epic disaster.

Read the sshd configuration file and its associated documentation.

> Also, is there a way to allow user 'joe' to su to user 'sam' but NOT allow him
> to su to root, thus bypassing sudo? So far all I've come up with on
> restricting su is an all or only root approach.

I've no practical experience with this, and only vague recollections of
a document read long ago and mostly forgotten, but I think Kerberos
allows joe to authenticate as joe and then run as sam. I don't know that
it ties in at all with su or sudo.

sudo allows joe to run stuff as sam if he knows her password. This is
the default configuration in SUSE. I don't recall whether you can have
different rules for different users and/or different targets.

SELinux might have some influence here too; I had to get Apache special
permission to /var/local/mirrors to serve it.




--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]

Please do not reply off-list
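
An added example, not part of the original thread: a shell check for the sshd side of the question. `PermitRootLogin` in sshd_config applies only to SSH sessions, so console logon is untouched by it; sshd uses the first value it reads for a keyword, and `Match` blocks can override it per connection. The sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample configs and function names are constructed.

# Print the global PermitRootLogin value. sshd uses the first value it reads
# for a keyword; "unset" means the compiled-in default applies.
permit_root_login() {
    awk '
        { sub(/#.*/, ""); gsub(/[="]/, " ") }   # drop comments, allow key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); hit = 1; exit }
        END { if (!hit) print "unset" }
    ' "$1"
}

# Print PermitRootLogin values set inside Match blocks, one per line; these
# override the global value for connections that match.
match_overrides() {
    awk '
        { sub(/#.*/, ""); gsub(/[="]/, " ") }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "permitrootlogin" { print tolower($2) }
    ' "$1"
}

# Succeed only if root cannot log in over SSH under any section of the file.
root_ssh_blocked() {
    [ "$(permit_root_login "$1")" = "no" ] || return 1
    ! match_overrides "$1" | grep -qv '^no$'
}

hardened=$(mktemp) weak=$(mktemp)
cat > "$hardened" <<'EOF'
# constructed sample: the second line is ignored because the first value wins
PermitRootLogin no
PermitRootLogin yes
EOF
cat > "$weak" <<'EOF'
# constructed sample: the Match block re-enables root for one network
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF

for f in "$hardened" "$weak"; do
    if root_ssh_blocked "$f"; then echo "root SSH login blocked"
    else echo "root SSH login possible"; fi
done
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.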

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
