
Re: [cobalt-users] Telnet



Jeff Lasman <jblists@xxxxxxxxxxxxx> writes:

> > Maybe I was too quick. I'm used to working with various systems, and
> > hereof is the RaQs in lesser numbers - and therefore I just assumed,
> > that it would be the same.

> So what you're saying is that your computers are set up so anyone can
> "su" in from their login.

Well, normally you would require that users who want to go superuser
(root) using the su (substitute user) command be in one of
these groups:

        system, root, wheel, sys

This is the case when it comes to RaQs. Only the admin and root user
are in the wheel group, so others won't be able to switch to root
(they can on the other hand easily use su to become one of the other
users on the system, including admin).

But afaik this is not the case when it comes to "normal" (standard
distributions) Linux. Their su command does not check membership of
the wheel group. You'll have to edit the standard configuration to
achieve that.

> And you're telling us this?

I suspect that most of you on this list will have a tough time trying
to get to our internal network... (where any user can su to root)

(it's firewalled and you're all too far from here to gain physical
access)

> Security risk.

Well, if they can guess the root password, they can also guess the
admin password (as it is the same, when using the Cobalt GUI). If they
got the admin password, they can log in as that user, and run su from
there.



-- 
Jens Kristian Søgaard,
jk@xxxxxxxxxxxx -- http://www.jksoegaard.dk/
Looking for something? -- http://www.google.com/
echo|perl -ple'$_+=4E-6*!int rand()**2+rand()**2while$i++-1E6'
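
The message above says a standard Linux su does no wheel check until the configuration is edited. The following is an added example, not part of the original message, that audits this on the assumption that the system uses Linux-PAM with a `pam_wheel.so` rule in its su PAM file; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Linux-PAM; function names are illustrative.

# Print "enforced" if FILE makes pam_wheel a mandatory auth step for su,
# "trust-only" if it merely lets group members skip the password,
# "open" if su performs no group check at all.
su_wheel_status() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out rule
        $1 == "auth" && $3 ~ /pam_wheel\.so$/ {
            deny = 0; trust = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "deny")  deny = 1      # inverts the rule: members are refused
                if ($i == "trust") trust = 1
            }
            if (($2 == "required" || $2 == "requisite") && !deny) enforced = 1
            else if ($2 == "sufficient" && trust) trust_only = 1
        }
        END { print (enforced ? "enforced" : (trust_only ? "trust-only" : "open")) }
    ' "$1"
}

# Print the member list of GROUP (default: wheel) from a group(5)-format file.
# Users whose primary group is GROUP are not listed in this field.
wheel_members() {
    awk -F: -v g="${2:-wheel}" '$1 == g { print $4 }' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: su PAM file with the wheel rule commented out.
    printf '%s\n' 'auth sufficient pam_rootok.so' \
        '#auth required pam_wheel.so use_uid' \
        'auth include system-auth' > "$d/su.stock"
    # Constructed sample: the same file after enabling the rule.
    sed 's/^#auth/auth/' "$d/su.stock" > "$d/su.hardened"
    # Constructed group file matching the RaQ layout described in the message.
    printf '%s\n' 'root:x:0:' 'wheel:x:10:root,admin' 'users:x:100:' > "$d/group"
    echo "stock:    $(su_wheel_status "$d/su.stock")"
    echo "hardened: $(su_wheel_status "$d/su.hardened")"
    echo "wheel:    $(wheel_members "$d/group")"
    rm -rf "$d"
}
demo
```

On a real host, point `su_wheel_status` at the su PAM file and `wheel_members` at the group file; an "open" result combined with a root password shared with another account is the situation discussed in this thread.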