From owner-freebsd-questions@FreeBSD.ORG Fri Oct 24 18:25:34 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A55301065684 for ; Fri, 24 Oct 2008 18:25:34 +0000 (UTC) (envelope-from sonic2000gr@gmail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.26]) by mx1.freebsd.org (Postfix) with ESMTP id 30D388FC0C for ; Fri, 24 Oct 2008 18:25:33 +0000 (UTC) (envelope-from sonic2000gr@gmail.com) Received: by ey-out-2122.google.com with SMTP id 6so339130eyi.7 for ; Fri, 24 Oct 2008 11:25:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=gEiC13XdXiZL3U0VRBAIGz0iQwn4g+nPDicMMggUMEs=; b=b0gHAi1LxBecOI1aB0VTUOy/v8ZDn5UYzHRp7sN/2NqOZSqINy+VCg0dIF8QbTm4O2 Y96YN1/IUq9U1tjWXVqCiU5OdaNFfTo9Wdh/FffFNNdF6W2DP9zyhIvGETrT0MmK+NTb O6spdLc/iVYRpzi5FBqLiynvqPX38J+IGWNoc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=DpNPNURTBfT5nbPDOvTeT6//XqFkS2V61Ypt/29NnUUM5yvTz1v0PCVDWfajLXZYGy WMjZUwhSUZt7wGmeqydSLTIbLIEdfOTs+LtjJfQu2cwdMfI+JOcJLsqDcG1bQBIyJVoH lwGuYnNGCZyfSb+bkd/jcBts3Puzyw7T4ZtzI= Received: by 10.210.117.1 with SMTP id p1mr2718514ebc.95.1224872732473; Fri, 24 Oct 2008 11:25:32 -0700 (PDT) Received: from atlantis.dyndns.org (athedsl-4432585.home.otenet.gr [79.129.146.185]) by mx.google.com with ESMTPS id h7sm2612432nfh.4.2008.10.24.11.25.30 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 24 Oct 2008 11:25:31 -0700 (PDT) Message-ID: <49021319.7090804@gmail.com> Date: Fri, 24 Oct 2008 21:25:29 +0300 From: Manolis Kiagias User-Agent: Thunderbird 2.0.0.17 (X11/20081011) MIME-Version: 1.0 To: Jos Chrispijn References: <49020EAD.2070908@webrz.net> In-Reply-To: <49020EAD.2070908@webrz.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Questions Subject: Re: root | su X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Oct 2008 18:25:34 -0000 Jos Chrispijn wrote: > Is there a way of stopping root from su'ing to another user? > > Jos Chrispijn > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > Root is supposed to be the almighty god on your machine (i.e. you...). No point trying to limit the abilities of root (especially if physical access is also provided). And seriously, root is a role not a person. If you find yourself trying to limit root's capabilities, you've probably surrendered the root password to the wrong person. If you need to give someone limited root access to a machine, just use security/sudo instead (with a carefully crafted sudoers file).