/etc/suauth
Adam Myrow
amyrow at midsouth.rr.com
Sat Dec 17 17:40:24 EST 2005
On Sat, 17 Dec 2005, Jude DaShiell wrote:
> The analysis is flawed. A machine with 99 user accounts on it and a root
> account with only one line in /etc/suauth with one user account on it
> presents a hacker with 98 decoys and one hackable account. The hacker has to
> go to the trouble of stealing a user account password not a root account
> password and that is more difficult to do.
I fail to see why you don't understand the problem you would create.
Essentially, you would be saying that any of your 99 users may su to root
without knowing the root password. Any one of them could now do whatever
they want without having to put forth any effort at all. The hacker could
be one of your users. If you are so concerned with the root password
getting out on the Internet, then you would be much better off forbidding
the use of the su command entirely, or at least blocking attempts to su to
root. No ordinary user should be using it anyhow. While you are at it,
prevent root logins via SSH. You can't do administration anywhere except
the console this way, but it's a lot better than opening up your machine
to anybody who just happens to try to su to root.
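The disagreement above turns on which accounts an /etc/suauth rule actually covers. The following is an added example, not part of either poster's message: a small auditor that evaluates rules in the `to-id:from-id:ACTION` form documented in suauth(5) (actions DENY, NOPASS, OWNPASS) and lists the accounts that can reach root without root's password. It assumes the first matching rule wins; the account names, the sample policies and the `ROOTPASS` label for "no rule applied" are constructed for illustration.

```python
# Constructed sample policies; alice, bob and carol are made-up accounts.
ONE_USER = "# one trusted admin\nroot:alice:OWNPASS\n"
EVERYONE = "root:ALL:NOPASS\n"
WHEEL_ONLY = "root:ALL EXCEPT GROUP wheel:DENY\n"
ACCOUNTS = {"alice": ["users"], "bob": ["users"], "carol": ["users", "wheel"]}


def _matches(spec, user, groups):
    """Match one field: ALL, ALL EXCEPT ..., GROUP ..., or a comma list."""
    spec = spec.strip()
    if spec == "ALL":
        return True
    negate = spec.startswith("ALL EXCEPT ")
    if negate:
        spec = spec[len("ALL EXCEPT "):].strip()
    if spec.startswith("GROUP "):
        names = {n.strip() for n in spec[len("GROUP "):].split(",")}
        hit = bool(names & set(groups))
    else:
        hit = user in {n.strip() for n in spec.split(",")}
    return hit != negate


def su_action(policy, from_user, from_groups, to_user="root"):
    """Return the action of the first rule that applies (assumed ordering)."""
    for line in policy.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:
            continue  # malformed line: skipped here, review it by hand
        to_id, from_id, action = parts
        if _matches(to_id, to_user, ()) and _matches(from_id, from_user, from_groups):
            return action.strip()
    return "ROOTPASS"  # label used in this example: su asks for root's password


def skips_root_password(policy, accounts):
    """Accounts that become root without ever typing root's password."""
    return sorted(user for user, groups in accounts.items()
                  if su_action(policy, user, groups) in ("NOPASS", "OWNPASS"))


if __name__ == "__main__":
    for name, policy in [("ONE_USER", ONE_USER), ("EVERYONE", EVERYONE),
                         ("WHEEL_ONLY", WHEEL_ONLY)]:
        print(name, "->", skips_root_password(policy, ACCOUNTS))
```
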