Date: Wed, 4 Oct 2000 13:15:45 -0400 (EDT)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: roman <roman@devnulltech.com>
Cc: questions@FreeBSD.ORG
Subject: Re: Securing SU
Message-ID: <Pine.BSF.4.21.0010041251010.22462-100000@prime.gushi.org>
In-Reply-To: <20001004130520.A25331@nougat.stickynetworks.com>

On Wed, 4 Oct 2000, roman wrote:

> > I was wondering if there was a way to configure su so that it would
> > disallow a user access if they're telnetted in. (but, say, allow them if
> > they have sshed in).
> what about sudo?
>
> better than su, because you get to control who gets to do what as root.

Oh, I have four people who have root, and need it. My web guy, my cgi guy, myself and my assistant...All of us need full root, and all are trusted (in fact one is a cousin and one is a fiancee).

At the same time, we provide shells, so leaving telnet open to all is necessary. I just need to enforce the "don't use telnet if you're gonna SU, you bonehead" rule.

I guess this could best be done with even a shell script, where the script looks at what terminal it's running on, and sees if telnetd is talking on that port. If it is, it rejects root.

Of course, one can override this by running screen (which uses multiple ptys)...Anyone have a cleaner answer?

-Dan

--

"Long live little fat girls!"

-Recent Taco Bell Ad Slogan, Literally Translated. (Viva Gorditas)

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Web: http://prime.gushi.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
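
Added example, not part of the original message: a sketch of the wrapper check described above, done by walking the shell's parent-process chain to see whether sshd or telnetd started the session instead of inspecting the pty. The function names, the default-deny policy (refuse unless sshd is positively found, which also refuses a shell under a detached screen whose chain ends at init) and the sample process table are assumptions constructed for illustration.

```shell
#!/bin/sh
# login_transport PID [PS_TABLE]
# Walk the parent chain of PID and print the first login daemon found:
# "sshd", "telnetd", or "unknown" if the chain ends without a match.
# PS_TABLE holds "pid ppid comm" lines; by default it is read from ps.
login_transport() {
    pid=$1
    table=${2:-$(ps -A -o pid= -o ppid= -o comm=)}
    hops=0
    while [ "$pid" -gt 1 ] && [ "$hops" -lt 64 ]; do
        row=$(printf '%s\n' "$table" |
              awk -v p="$pid" '$1 == p { print $2, $3; exit }')
        [ -n "$row" ] || break              # PID not in table: give up
        comm=${row#* }
        case ${comm##*/} in
            sshd*)                echo sshd;    return 0 ;;
            telnetd*|in.telnetd*) echo telnetd; return 0 ;;
        esac
        pid=${row%% *}                      # step up to the parent
        hops=$((hops + 1))
    done
    echo unknown
}

# su_allowed PID [PS_TABLE]
# Default deny: succeed only when the session is traced to sshd, so both
# "telnetd" and "unknown" (for example a shell inside screen) are refused.
su_allowed() {
    [ "$(login_transport "$@")" = sshd ]
}

# Constructed sample table (pid ppid comm), not taken from a real host:
# 211 is a shell under sshd, 312 a shell under telnetd, and 401 a shell
# under a screen backend modelled as already reparented to init.
SAMPLE_PS='1 0 init
200 1 sshd
210 200 sshd
211 210 tcsh
300 1 inetd
310 300 telnetd
311 310 login
312 311 tcsh
400 1 screen
401 400 tcsh'
```

A wrapper would call `su_allowed $$` before handing off to the real su; it only enforces the rule if the real binary cannot be reached by another path.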