[ On Wednesday, September 26, 2001 at 14:40:48 (-0500), Gonyou, Austin wrote: ]
> Subject: RE: Why restrict root logins?
>
> you are only partially correct. I developed a scheme on Linux where you
> cannot have root access, except for using sudo, but if sudo is only allowed
> for certain groups, then only a small subset of people, who'm are explicitly
> told they can, have access to sudo and are fully accounted for. This in
> addition to some other ACLs, perhaps, XFS, etc, allows almost no one to get
> sudo, without being accounted for in this way. It is tedious, but very
> secure as well.
having read the sudo code, and understanding goal-based attacks in the
way I do, I wouldn't bet on it.....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
