Re: [cobalt-users] Deny root access by telnet
- Subject: Re: [cobalt-users] Deny root access by telnet
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Thu Jun 22 18:55:34 2000
- Organization: anonymous
On Wed, 21 Jun 2000 17:28:19 +0100, Smith Colin-WCCS07
<Colin.Smith@xxxxxxxxxxxx> wrote:
:>> -----Original Message-----
:>> From: Maurice Hason [mailto:macpro@xxxxxxxxxxxxxxxx]
:>> Sent: 17 June 2000 12:20
:>> Subject: [cobalt-users] Deny root access by telnet
:>> I would like to deny on the Qube2 telnet or ssh access to root. This way
:>> only the su command can be used to become root. Furthermore, I would like to
:>> specify what users can use the su command, since by testing so far, any user
:>> can su.
:>
:>
:>If I remember correctly for telnet, check the /etc/securetty file. Remove
:>the network entries (pts/*). The tty* entries should be OK.
I do not have a /etc/securetty file (have a securetty.master, but it only
contains tty entries). Anywhere else one can look?
:>To specify people who can run su, create a group for people allowed and
:>change the execute permission so only root and the people in the group can
:>execute su. Remove the 'other' read write and execute permissions (chmod
:>ug=rx,o-rwx su). Add the selected few to the group allowed to run su.
Jeff talks about a Wheel group, but my Wheel group only contains root. My
current settings for su are:
-rwsr-xr-x 1 root root 30196 Feb 6 1998 su
I would then need to change the group ownership to Wheel and remove the other
execution from permissions? I could then use the Wheel group?
:>You should probably get hold of 'sudo' rather than giving out su access.
What is this and where is it available?
Thank you.
Mike.
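
The group-restricted su setup discussed in this thread can be verified with a small check. This is an added example, not part of the original message; it assumes GNU stat and the group name wheel, takes mode 4750 (setuid root, group read/execute, nothing for other) as the target state, and the function names check_su_mode and audit_su are made up here.

```shell
#!/bin/sh
# Added example: check that su is setuid root and reachable by one group only.
# Assumptions: GNU stat (-c), group name "wheel", target mode 4750.

# check_su_mode MODE OWNER GROUP WANT_GROUP
# MODE is octal as printed by `stat -c %a` (e.g. 4755). Prints one finding
# per line; returns 0 if clean, 1 on findings, 2 if MODE cannot be parsed.
check_su_mode() {
    mode=$1 owner=$2 group=$3 want=$4 rc=0
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;        # no special bits were printed
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "unparseable mode: $mode"; return 2 ;;
    esac
    special=${mode%???}                        # setuid/setgid/sticky digit
    g=${mode#??}; g=${g%?}                     # group digit
    o=${mode#???}                              # other digit
    [ "$owner" = root ] || { echo "owner is $owner, expected root"; rc=1; }
    [ "$group" = "$want" ] || { echo "group is $group, expected $want"; rc=1; }
    [ $(($special & 4)) -ne 0 ] || { echo "setuid bit missing, su cannot change user"; rc=1; }
    [ $(($g & 1)) -ne 0 ] || { echo "group $group cannot execute su"; rc=1; }
    [ $(($g & 2)) -eq 0 ] || { echo "su is group-writable"; rc=1; }
    [ "$o" = 0 ] || { echo "other has mode $o, users outside $want can reach su"; rc=1; }
    return $rc
}

# audit_su PATH [GROUP]: read the live mode with GNU stat and check it.
# Run it again after any chgrp: on Linux, changing a file's group clears its
# setuid bit, so the mode has to be set after the group, not before.
audit_su() {
    set -- "$1" "${2:-wheel}"
    # Unquoted on purpose: stat prints "MODE OWNER GROUP" as three words.
    check_su_mode $(stat -c '%a %U %G' -- "$1") "$2"
}

# The listing in the thread (-rwsr-xr-x root root) is mode 4755, group root:
check_su_mode 4755 root root wheel || true
```

On a live system the call would be `audit_su /bin/su wheel`, with the path adjusted to wherever su is installed.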