* Mathias Gygax <mg@trash.net> [2001.11.16 15:06:54+0100]: > > well, i thought this is the definition of root. > > no. with LIDS you can protect files and syscalls even from root. in my > setup, root cannot even write to his own home directory. ... which root can change at convenience. this thread is becoming boring! > my root user can't write to /usr/*, doesn't have any special syscall > access to change network and firewall settings, can't SETUID/SETGID and > is really locked like a normal user etc. but... root in this setup is > useless. you can't do anything that looks like administration. you can > run the daemons that need root access, but they're limited and can't do > the full root stuff root usually does. excellent. you know what i did: i just remove the root:0:... line from /etc/passwd and /etc/shadow. now i can't be root. that must be perfect security. yeah! -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck it's as bad as you think, and they are out to get you.
Attachment:
pgpkFAGvR8YJ2.pgp
Description: PGP signature