
Re: [cobalt-users] Disabling SU



At 02:23 PM 4/23/01 +0800, you wrote:
>I know that users have to be in the "wheel" group for them to su to root, but
>what if I want to totally disable su for these users? (such that they
>cannot su to other users as well)

I'm for sure not an expert and I'm not sure what you're saying.. On my
machine, there is only one user allowed root access and for sure that
person is the only person that can su... Do you use the same password for
su as your admin passwd? If so..

su to root 
passwd
old password
new password
new password

Make this one different than your admin password, change it, at least,
weekly... and be very very very careful about not goofing when you type
it.. If you mis-type your password and then forget to su again, your
password will be logged in .bash_history *IN PLAIN TEXT*... not that anyone
can get in there without an su access anyway.. but it makes me nervous... 

This is a good word of warning for anyone else who <oops>messes up</oops>
once in a while... I have messed my password once or twice when logging in
via ssh (forgot to hit tab) you'll get a very nice email from logcheck that
it "faked" a log in screen for a bad attempt.. but it will also email you
*in plain text* your username with your password right behind it... 

<NOT>good</NOT>

Hoping this information from the peanut gallery of the unworthy, unlearned
majority helps..

WS
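
The mistake described in this message, a password typed at the shell prompt and saved to .bash_history, can be checked for after the fact. The following is an added example, not part of the original post: a heuristic that flags a lone, non-command history entry entered right after a command that prompts for a password. The command lists, function names and sample history are assumptions constructed for illustration.

```python
import shutil

# Commands after which a password prompt is expected (assumed list).
PROMPTING = {"su", "sudo", "ssh", "passwd"}
# Shell builtins that are never found on PATH (assumed, partial list).
BUILTINS = {"exit", "logout", "cd", "fg", "bg", "jobs", "history", "pwd"}

def default_is_command(word):
    """True if word is a known builtin or resolves to an executable on PATH."""
    return word in BUILTINS or shutil.which(word) is not None

def suspect_history_lines(lines, is_command=default_is_command):
    """Return 1-based numbers of entries that look like a password typed at
    the prompt: a single token, not a runnable command, entered directly
    after a password-prompting command. Only line numbers are returned so
    the secret itself is never echoed into a report or an e-mail."""
    hits = []
    prev_prompting = False
    for num, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or history timestamp
            continue
        tokens = line.split()
        if prev_prompting and len(tokens) == 1 and not is_command(tokens[0]):
            hits.append(num)
        prev_prompting = tokens[0] in PROMPTING
    return hits

def redact(lines, hits):
    """Return a copy of the history with the flagged entries removed."""
    drop = set(hits)
    return [l for n, l in enumerate(lines, start=1) if n not in drop]

# Constructed sample history (not from the original post).
SAMPLE = [
    "cd /var/log",
    "su -",
    "Blue!Cobalt42",  # constructed password typed at the prompt by mistake
    "su -",
    "ls -l",
    "ssh admin@host.example",
    "exit",
]

if __name__ == "__main__":
    known = {"cd", "su", "ls", "ssh", "exit"}
    print("suspect history lines:", suspect_history_lines(SAMPLE, lambda w: w in known))
```

A flagged entry means the password should be changed, not only removed from the file, since the running shell and any log mailer may hold other copies.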