On Tue, 14 May 2002 13:21:59 -0700 Mike Oliver <[EMAIL PROTECTED]> wrote:
> Michael Viron wrote: > > > Change the group ownership on su to root:wheel . > > Next, remove execute permission from "other" on su. > > I have to say I find this option kind of puzzling. > What's the rationale exactly? Why couldn't an > opponent who knew the root pword just execute > his *own* copy of su? It seems it would have nuisance > value at best. Not that nuisance value couldn't be of > some practical use, provided the security admin doesn't > think it's a substitute for safeguarding passwords. > > Or maybe it's to prevent *inadvertant* rather than malicious > damage? Something like: People in our group might find > out the root pword and be tempted to su to quick-fix some > difficulty they're having, then they might break something > and we wouldn't know who was responsible, so we'll just > remove the temptation? I guess that makes a certain amount > of sense, but it's not terribly flattering to your coworkers. > > hmm.. how about denying read access too? Damian
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
