On Sat, 9 Jun 2001, AB Ramos wrote:
> > To prevent an ordinary user from doing this lock the machine in the
> > server room and allow only the system administrators to enter the
> > room.
> > You can also reboot the system if you press the reset button. To
> > prevent this, do as above.
> > By the way, the above statements apply not only to RedHat but to other
> > Linux distros, and maybe to other Unix machines.
>
> This statement needs to be qualified. ;)
Yes. No matter what the system administrator does in the software,
as long as a normal (non-root) user has physical access to the
machine, he can always reboot (gracefully or ungracefully) the system.
For example, on most machines (running Unix or not) pressing the reset
button will do the job. That is why, in the interest of security,
it is best to keep sensitive company servers in a locked room, and
allow only authorized people to enter the room. That is why in the
/etc/securetty file, you never list the pseudo-ttys /dev/tty[p-s]*
since these can be used for network access (by hackers who happen
to discover the root password).
Pablo Manalastas
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
