Root access (was RE: which prebuilt linux boxes seem to work best?)
Brent Harding
bharding at UFW2.COM
Mon Oct 23 21:55:11 EDT 2000
There's no securetty that'd work remotely, I'm sure because it doesn't
allow you to use an ip address. I'm sure eth0 doesn't count, as it's not
really considered a device file in /dev. I'm not fond of the idea of
multiple root privileged users, especially if it's not really needed.
At 05:08 PM 10/23/00 +1100, you wrote:
>On Sun, 22 Oct 2000, Brent Harding wrote:
>
>> What access does the root group give? Setting up virtual hosts, or whatever
>> involves a lot of access, depending which virtual service one is using,
>
>This would vary from system to system, depending on what files belong to
>the root group and the permissions on those files.
>
>> unless there were a script out that I could be given access to to get all
>> of it done that'd run as root.
>
>You could do this, but it'd be up to the sysadmin to do this.
>
>> Wouldn't it take the luck of the draw, for say the admin gives the access
>> to /dev/pts/0 and someone else is logged in to that, so my connection could
>> be pts/4 or 5 depending who's on? I'd some how have to move them to another
>> device so I could get my privileges.
>
>Yes, which is why you wouldn't ever put a pts device in
>/etc/securetty. And the sysadmin would still have to give out the root
>account's password to you. In fact, if I were a sysadmin, I'd consider
>clearing out /etc/securetty altogether so no one could login directly as
>root, meaning that everyone would either have to know both a user name and
>password and the root password, or have access to sudo as a user. Sounds
>much more secure.
>
>Geoff.
>
>
>
>
>--
>Geoff Shang <gshang10 at scu.edu.au>
>ICQ number 43634701
>
>
>_______________________________________________
>Speakup mailing list
>Speakup at braille.uwo.ca
>http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
>
More information about the Speakup
mailing list