Booting SunOS 4.0 singlu user (was Re: NFS security)
Steve Groom
stevo at judy.Jpl.Nasa.Gov
Fri Sep 9 05:09:12 AEST 1988
In article <12397 at duke.cs.duke.edu> ndd at romeo.UUCP (Ned D. Danieley) writes:
>If I understand what you've described, the only way to protect a
>workstation from someone booting it single user is to deny root
>the ability to log in on that workstation. Doesn't sound very elegant
>to me.
But it only denies them the ability to *log in* as root. It doesn't
stop you from using su to become root, which I view as preferable to
logging in as root anyway. As a policy, we use su instead of logging
in as root. We haven't enforced it completely by turning of 'secure',
but we've thought about it.
The reason is simple. Su leaves a better trail around, telling you who
that really was. If all you have is the fact that root logged in on
ttyx at nn:nn:nn, that doesn't tell you anything about who it might
have been that did it.
Sounds pretty elegant to me.
-steve
/* Steve Groom, Jet Propulsion Laboratory, Pasadena, CA 91109
* Internet: stevo at elroy.jpl.nasa.gov UUCP: {ames,cit-vax}!elroy!stevo
* Disclaimer: (thick German accent) "I know noothingg! Noothingg!"
*/
More information about the Comp.unix.wizards
mailing list