>
> >
> >Hi,
> >
> >I know that this is not the right place, but thought that there must be
> >a lot of capable people who can answer this .
> >
> >Our system administrator is not capable of distinguishing the fact of
> >how to stop people from using some one else 's id.
> >We are running NIS+.
> >
> >The process:
> >
> >su - root (On any client machine, of which you have the password.)
> >
> >Now
> >su - userid (You get logged in as the 'userid' specified).
>
> chmod 750 /bin/su
> chgrp staff /bin/su
> (or use whatever group all your admin people belong to.)
That won't work because because the client's root password is
available to those who they wish to deny su, and with root you could
just do chmod 755 /bin/su. Or for that matter, they could do anything
they want on the client machine.
>
> However, this won't prevent people from using telnet, or rlogin, or
> any other of myriad ways to get to another's account. The problem
> is not su, it is of people sharing passwords. This is a people
> problem and not a technical one.
Agreed! root passwords belong only to sysadms if you wish to have a
secure network.
>
>
>
--
Mark Crother crotherm @
roses .
rockwell .
com
Rockwell's Operational Software Engineering System (ROSES)
Space Systems Division (SSD) All opinions are mine.
References:
|
|
