Hi Damian, Tuesday, May 14, 2002, 10:13:55 PM, you wrote:
DG> On Tue, 14 May 2002 13:21:59 -0700 DG> Mike Oliver <[EMAIL PROTECTED]> wrote: >> Michael Viron wrote: >> >> > Change the group ownership on su to root:wheel . >> > Next, remove execute permission from "other" on su. >> >> I have to say I find this option kind of puzzling. >> What's the rationale exactly? Why couldn't an >> opponent who knew the root pword just execute >> his *own* copy of su? It seems it would have nuisance >> value at best. Not that nuisance value couldn't be of >> some practical use, provided the security admin doesn't >> think it's a substitute for safeguarding passwords. >> >> Or maybe it's to prevent *inadvertant* rather than malicious >> damage? Something like: People in our group might find >> out the root pword and be tempted to su to quick-fix some >> difficulty they're having, then they might break something >> and we wouldn't know who was responsible, so we'll just >> remove the temptation? I guess that makes a certain amount >> of sense, but it's not terribly flattering to your coworkers. >> >> DG> hmm.. how about denying read access too? DG> Damian With best wishes, Dave -- David Conroy MSW Consultant, Trainer & Management Coach International Coach Federation, ID 100666 Voluntary sector support: http://www.coaching-lab.com Coaching via e-mail: http://www.e-coaching-only.com Coaching for women: http://www.womens-life-coach.com Web development/hosting: http://www.turnkey-coach.com ICQ 127865569 Phone/Fax +44 (0)1225 314694
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
