Hi James,
James Sparenberg wrote:
> yes but in order to change su the cracker would have to comprimise root
> as well.
Agreed.
meaning two passwords compromised not one. (users have read
> access to su but not write)
agreed also
So I still agree with Todd better to have
> two locks than o
yes but in order to change su the cracker would have to comprimise root
as well. meaning two passwords compromised not one. (users have read
access to su but not write) So I still agree with Todd better to have
two locks than one on on the door.
James
On Mon, 2002-10-07 at 12:29, J. Grant w
Hi Todd, James
if only user accounts have been compromised
.bashrc .tscshrc .profile etc could be changed to soemthing else, then
su would not be the real su.
if possible logging in directly as root is the best option, less chance
of a compromised user account meaning root is compromised as w
J. Grant wrote on Sun, Oct 06, 2002 at 08:07:32PM +0100 :
>
> theoretically not, if some1 has got a fake binary for your shell as a
> normal user, he/she can then log you getting root. best way is to get
> the ssh client to execute the login command as root and go in directly.
> (thus bypassing t
Will have to try this one out Falls short in other areas of group
management but it's a good start. Thankyou
James
On Sun, 2002-10-06 at 20:49, Michael Viron wrote:
> Change su to the following permissions:
>
> -rwsr-x---1 root wheel 14112 Jan 16 2001 /bin/su
>
> and you w
Change su to the following permissions:
-rwsr-x---1 root wheel 14112 Jan 16 2001 /bin/su
and you will get the *BSD-like behavior.
Michael
--
Michael Viron
Project Manager / Primary Developer / Manager of Online Operations
General Education Online
At 08:47 AM 10/6/2002 -0700, yo
On Sun, 2002-10-06 at 06:29, James Sparenberg wrote:
> On Sat, 2002-10-05 at 14:52, Toshiro wrote:
> > > >
> > > > I agree. However I Dont run EVERYTHING as root nor am I a new user. Also
> > > > being an IT Manager I DO occasionally su to root and ssh into my
> > > > company's machines as root to
On Sun, 2002-10-06 at 12:07, J. Grant wrote:
>
> Jan Wilson wrote:
>
> >>What's the point in doing that way? When you use ssh, the communication
> >>is encrypted. I don't see the advantage of ssh as a normal user first.
> >
> >
> > If you ssh to a root account on another machine directly, t
Jan Wilson wrote:
>>What's the point in doing that way? When you use ssh, the communication
>>is encrypted. I don't see the advantage of ssh as a normal user first.
>
>
> If you ssh to a root account on another machine directly, the logging
> on that machine does not directly say who was a
Todd Flinders wrote:
> That was an active philisophical decision to not implement the GNU su that
> way. According to Free as In Freedom, Stallman had many ethical problems
> with the password implementation. The weakened security of su was
> intentional.
>
> You'd think there'd be a wheel
2002-10-06 23:47, Todd Flinders writes:
> That was an active philisophical decision to not implement the GNU su that
> way. According to Free as In Freedom, Stallman had many ethical problems
> with the password implementation. The weakened security of su was
> intentional.
>
> You'd think t
That was an active philisophical decision to not implement the GNU su that
way. According to Free as In Freedom, Stallman had many ethical problems
with the password implementation. The weakened security of su was
intentional.
You'd think there'd be a wheel-style su for GNU/Linux on Sourcefo
On Sun, 2002-10-06 at 00:51, David Guntner wrote:
> James Sparenberg grabbed a keyboard and wrote:
> >
> > On Sat, 2002-10-05 at 14:52, Toshiro wrote:
> > >
> > > What's the point in doing that way? When you use ssh, the communication
> > > is encrypted. I don't see the advantage of ssh as a norm
James Sparenberg grabbed a keyboard and wrote:
>
> On Sat, 2002-10-05 at 14:52, Toshiro wrote:
> >
> > What's the point in doing that way? When you use ssh, the communication
> > is encrypted. I don't see the advantage of ssh as a normal user first.
>
> From having had it save my buns... Big adv
On Saturday 05 October 2002 11:09 pm, you wrote:
> > Correct me if I am wrong, but I don't think you can ssh into root.
>
> You can. Even with an 'out of the box' install
depends on the msec level of the recieving box
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandra
On Sat, 2002-10-05 at 14:52, Toshiro wrote:
> > >
> > > I agree. However I Dont run EVERYTHING as root nor am I a new user. Also
> > > being an IT Manager I DO occasionally su to root and ssh into my
> > > company's machines as root to do admin stuff so I really would not want
> > > to blast away
>
> Correct me if I am wrong, but I don't think you can ssh into root.
You can. Even with an 'out of the box' install
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
* Toshiro <[EMAIL PROTECTED]> [021005 16:02]:
> > > I agree. However I Dont run EVERYTHING as root nor am I a new user. Also
> > > being an IT Manager I DO occasionally su to root and ssh into my
> > > company's machines as root to do admin stuff so I really would not want
> > > to blast away my s
> >
> > I agree. However I Dont run EVERYTHING as root nor am I a new user. Also
> > being an IT Manager I DO occasionally su to root and ssh into my
> > company's machines as root to do admin stuff so I really would not want
> > to blast away my ssh keys nor my root env.
> hmmm is it possible to
>From: et <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: [expert] /root and /
>Date: Sat, 5 Oct 2002 14:27:41 -0400
>
>On Saturday 05 October 2002 11:35 am, you wrote:
> > On Fri, 2002-10-04 at 00:00, Todd Lyons wrote:
&g
On Saturday 05 October 2002 11:35 am, you wrote:
> On Fri, 2002-10-04 at 00:00, Todd Lyons wrote:
> > PlugHead wrote on Thu, Oct 03, 2002 at 11:33:20PM -0400 :
> > > > Why must /root be on the same file system as / ?
> > >
> > > Just a guess, but... If there was a problem mounting your /root
> >
On Fri, 2002-10-04 at 00:00, Todd Lyons wrote:
> PlugHead wrote on Thu, Oct 03, 2002 at 11:33:20PM -0400 :
>
> > > Why must /root be on the same file system as / ?
> > Just a guess, but... If there was a problem mounting your /root
> > partition, at boot time, wouldn't you be screwed--because yo
021003 Todd Lyons wrote:
> PlugHead wrote on Thu, Oct 03, 2002 at 11:33:20PM -0400 :
>> Why must /root be on the same file system as / ?
>> The installer complains.
> the answer is more along the lines of "to protect you from yourself".
> A new user won't know any better than to run as root all th
PlugHead wrote on Thu, Oct 03, 2002 at 11:33:20PM -0400 :
> > Why must /root be on the same file system as / ?
> Just a guess, but... If there was a problem mounting your /root
> partition, at boot time, wouldn't you be screwed--because you wouldn't
> be able to log in as root... (?)
In single
Just a guess, but... If there was a problem mounting your /root partition, at
boot time, wouldn't you be screwed--because you wouldn't be able to log in as
root... (?)
Of course you could argue that's what 'rescue' mode is for--like I said, it's
just a guess.
-Jason
On Thursday 03 October
Why must /root be on the same file system as / ?
I keep mine separate as not to wipe out ssh keys and other things. I can
change it after the initial install and all is fine, but the installer
complains.
Just wondering.
-Dave
Want to buy your Pack or Services from MandrakeSoft?
Go to
26 matches
Mail list logo