Re: securing debian

[Chris <chris@ormond.unimelb.edu.au>]

On Sat, 25 Apr 1998, Alain Toussaint wrote:

> > You might consider installing the `sudo' package and using that for
> > all your root access.  If you do that, then you can change the
> > encrypted root password to * in /etc/shadow (you *are* using shadow
> > passwords, I hope) and thus it becomes impossible to log in as root.
> > 
> > Ben
> 
> this is a no go,i dont want to install this package because i dont want to
> give root access to my brother:
> 
<snip> 
> it's because that when i was in win95,my brother had full access to the
> dialer and so,it could use the internet without my consentment,i dont want
> to give him any root privilege at all,i think that bloking access to root
> login while still allowing to su root and a regular change of password
> will be a better security scheme.
> 
> thanks.
> 
> Alain
> 

Just a point of note:

If your brother has physical access to the machine there is no way you can
stop him from getting root access.  

You can increase the difficulty by setting the bios to only boot from HDD
and then locking the bios - but if he's smart enough that you have to
worry about the root password, he's going to know how to reset the bios.
In addition, if you have dos/windoze installed as well, and he can run it,
he can most likely reset your bios without even taking the case off (use
one of the numerous bios hacking programs around).

Maybe a bit of botherly agreement is called for here?

Just my .00002c worth

Chris


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org