Date: Thu, 22 Nov 2001 15:18:04 -0500 From: Bill Vermillion <bv@wjv.com> To: current@FreeBSD.ORG Subject: Re: current-digest V5 #301 Message-ID: <20011122151804.B20009@wjv.com> In-Reply-To: <bulk.17750.20011122114900@hub.freebsd.org>; from owner-freebsd-current-digest@FreeBSD.ORG on Thu, Nov 22, 2001 at 11:49:00AM -0800 References: <bulk.17750.20011122114900@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 22, 2001 at 11:49:00AM -0800, current-digest thus spoke: > > Date: Thu, 22 Nov 2001 06:40:11 -0800 (PST) > From: Hiten Pandya <hitmaster2k@yahoo.com> > Subject: [SUGGESTION] - disallowing shutdown after su(1) > correct me if i am wrong.. but.. > do you think, if we denied a shutdown after an su(1) > to root from a non-privileged user would be good... The only user that can su to root are those in the wheel group, so those should be considered at least semi-privledged. > i tried this same thing at home.. i builded it and > installed it.. works fine for me... the patch below > will allow a shutdown only be logging into root itself > and not by issuing an su(1) command to root. > this would be very good, i think if someone broke into > a normal user and was able to gain access into root > using su... (without a password..) This would be very bad because the only place I can login as root is on the console of my home machine. All the other machines I work with are managed remotely, have no root logins, have only ssh and no telnet, and would be impossible to manage if this were implemented. su to root is supposed to give a user the root powers. Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011122151804.B20009>