RE: [cobalt-users] Deny root access by telnet
- Subject: RE: [cobalt-users] Deny root access by telnet
- From: Smith Colin-WCCS07 <Colin.Smith@xxxxxxxxxxxx>
- Date: Fri Jun 23 17:12:46 2000
> -----Original Message-----
> From: Mike Vanecek [mailto:nospam99@xxxxxxxxxxxx]
> Sent: 23 June 2000 03:02
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] Deny root access by telnet
>
>
> On Wed, 21 Jun 2000 17:28:19 +0100, Smith Colin-WCCS07
> <Colin.Smith@xxxxxxxxxxxx> wrote:
>
> :>> -----Original Message-----
> :>> From: Maurice Hason [mailto:macpro@xxxxxxxxxxxxxxxx]
> :>> Sent: 17 June 2000 12:20
> :>> Subject: [cobalt-users] Deny root access by telnet
>
> :>> I would like to deny on the Qube2 telnet or ssh access to root. This way
> :>> only the su command can be used to become root. Furthermore, I would like to
> :>> specify what users can use the su command, since by testing so far, any user
> :>> can su.
> :>
> :>
> :>If I remember correctly for telnet, check the /etc/securetty file. Remove
> :>the network entries (pts/*). The tty* entries should be OK.
>
> I do not have a /etc/securetty file (have a securetty.master, but it only
> contains tty entries). Anywhere else one can look?

Create the securetty file from the securetty.master. If the securetty file
does *not* exist it *allows* root access from the network!

>
> :>To specify people who can run su, create a group for people allowed and
> :>change the execute permission so only root and the people in the group can
> :>execute su. Remove the 'other' read write and execute permissions (chmod
> :>ug=rx,o-rwx su). Add the selected few to the group allowed to run su.
>
> Jeff talks about a Wheel group, but my Wheel group only contains root. My

Wheel is a commonly used group for this kind of purpose.

> current settings for su are:
>
> -rwsr-xr-x 1 root root 30196 Feb 6 1998 su
>
> I would then need to change the group ownership to Wheel and remove the other
> execution from permissions? I could then use the Wheel group?

Yes.

>
> :>You should probably get hold of 'sudo' rather than giving out su access.
>
> What is this and where is it available?

Sudo is a command that allows you to give specified accounts root permission
to run specified executables with specified arguments.
http://www.courtesan.com/sudo/
I think you'll have to build it and install it yourself. I don't think there
are any packages from Cobalt.
>
> Thank you.
>
> Mike.
>
>
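
An audit of the two settings discussed in this thread, as an added example that is not part of the original messages: it reports whether a securetty file is missing or lists pts/* entries, and whether su is setuid, closed to 'other', and owned by the expected group. It assumes GNU `stat`, a group named `wheel`, and that `su` is found on the PATH; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Classify a securetty file.
#   missing     - file absent; per the thread, root may log in over the network
#   pts-listed  - at least one pts/* (network pseudo-terminal) entry is present
#   tty-only    - no pts/* entries; only console-style entries (or none)
securetty_status() {
    file=$1
    [ -f "$file" ] || { echo missing; return 0; }
    if grep -Eq '^[[:space:]]*pts/' "$file"; then
        echo pts-listed
    else
        echo tty-only
    fi
}

# Check the su binary against the setup described in the thread:
# setuid bit present, no permissions for 'other', group set to the su group.
# Prints "ok" or a space-separated list of findings.
su_status() {
    path=$1
    want_group=$2
    mode=$(stat -c '%a' "$path" 2>/dev/null) || { echo unreadable; return 0; }
    grp=$(stat -c '%G' "$path")          # GNU stat assumed
    m=$((0$mode))                        # leading 0: parse the mode as octal
    issues=
    # su must stay setuid root or it cannot switch users at all.
    [ $((m & 04000)) -ne 0 ] || issues="${issues:+$issues }no-setuid"
    # Any bit set for 'other' lets every local user run su.
    [ $((m & 0007)) -eq 0 ] || issues="${issues:+$issues }other-access"
    [ "$grp" = "$want_group" ] || issues="${issues:+$issues }group=$grp"
    echo "${issues:-ok}"
}

# Report on the live system; "wheel" is the assumed su group.
echo "securetty: $(securetty_status /etc/securetty)"
echo "su:        $(su_status "$(command -v su)" wheel)"
```
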