Date: Mon, 19 Jul 1999 01:53:01 -0400 From: bill@twwells.com (T. William Wells) To: freebsd-questions@freebsd.org Subject: Re: how to watch the root user? Message-ID: <7mue87$c87$1@twwells.com> References: <37765F16.EA06FF48@ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
You cannot reliably do this. Someone with the root password can circumvent any monitoring you may put in place. It is a very bad idea to give out root logins to anyone who does not absolutely need to have it. Once you've done that, you've pretty much given them complete control over your system. Certainly, there are ways to discourage casual misuse of the root account but there is nothing you can do to protect yourself from a determined attempt to subvert your system by someone who has the root password. If you believe there are reasons why some people need root access, you should think through exactly _what_ access they need and then encapsulate that access in setuid programs or take advantage of various tools (like sudo) that allow controlled access to root facilities. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7mue87$c87$1>