Multiple Root ID's considered evil?
Michael DeCorte
mrd at sun.soe.clarkson.edu
Thu Sep 21 08:32:49 AEST 1989
In article <9560 at cadnetix.COM> rusty at cadnetix.COM (Rusty Carruth) writes:
>However, I would like to remind you that, should someone become root
>who wishes to hide that fact, and should /var/log/authlog be someplace
>that the root-ed person can touch... well, lets just say that your
>log means nothing in this case, since root can go edit that file
True but sometimes is not a question of trust but I want a trail so
that I can say "Hey did you do this? Yeah... Well that ain't the way
to do it" (eg someone accidently blew away /dev/null and didn't
recreate it properly)
--
Michael DeCorte // H215-546-0497 W386-8164 Fax386-8252 // mrd at clutx.bitnet
2300 Naudain St. "H", Phil, PA 19146 // mrd at sun.soe.clarkson.edu
---------------------------------------------------------------------------
Clarkson Archive Server // commands = help, index, send, path
archive-server at sun.soe.clarkson.edu
archive-server%sun.soe.clarkson.edu at omnigate.bitnet
dumb1!dumb2!dumb3!smart!sun.soe.clarkson.edu!archive-server
---------------------------------------------------------------------------
More information about the Comp.unix.wizards
mailing list