Firewalls: Re: su

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: su - userid
From:	Chris Garrigues <cwg @ DeepEddy . Com>
Date:	Mon, 09 Sep 1996 11:08:59 -0500
To:	grace @ nymt . reuter . com (Grace Barraza)
Cc:	firewalls @ GreatCircle . COM, cwg @ deepeddy . DeepEddy . Com
In-reply-to:	Your message of "Mon, 09 Sep 1996 10:36:35 EDT." <9609091436 . AA00384 @ titan . reuter . >

> Hi,
>  
> I know that this is not the right place, but thought that there must be
> a lot of capable people who can answer this .
>  
> Our system administrator is not capable of distinguishing the fact of 
> how to stop people from using some one else 's id.
> We are running NIS+. 
> 
> The process:
>  
> su - root (On any client machine, of which you have the password.)
>  
> Now 
> su - userid (You get logged in as the 'userid' specified).
>  
>  
> Is there a way to stop this (Other than going to AFS. etc...).

two solutions:

a) don't use NFS (my personal preference, but it's hard to convince clients of 
this idea)

or

b) don't let anybody who isn't a system adminstrator have a root password (my 
other preference, and what my clients actually do)

Repeat after me:  NFS sucks!

Chris


-- 
Chris Garrigues                    O-              cwg @
 DeepEddy .
 Com
  Deep Eddy Internet Consulting                     +1 512 432 4046
  609 Deep Eddy Avenue
  Austin, TX  78703-4513              http://www.DeepEddy.Com/~cwg/

Attachment: pgpYCGqnl8yhu.pgp
Description: PGP signature

References:

su - userid
From: grace @ nymt . reuter . com (Grace Barraza)

Indexed By Date	Previous:	Re: C2 certified OS that can run a firewall From: Rabid Wombat <wombat @ mcfeely . bsfs . org>
Indexed By Date	Next:	Re: su - userid From: Doug Hughes <Doug . Hughes @ Eng . Auburn . EDU>
Indexed By Thread	Previous:	su - userid From: grace @ nymt . reuter . com (Grace Barraza)
Indexed By Thread	Next:	Re: su - userid From: crotherm @ roses . rockwell . com (Mark A. Crother)