Re: How to restrict normal ssh user to become root ?

To: debian-user@lists.debian.org
Subject: Re: How to restrict normal ssh user to become root ?
From: Brian <ad44@cityscape.co.uk>
Date: Fri, 13 Apr 2012 12:18:56 +0100
Message-id: <[🔎] 20120413111856.GU16316@desktop>
In-reply-to: <[🔎] 20120413104518.542da64a@shiva.selfip.org>
References: <[🔎] 20120412112204.0f54a876@shiva.selfip.org> <[🔎] 20120412123830.GA14853@localhost> <[🔎] 20120413104518.542da64a@shiva.selfip.org>

On Fri 13 Apr 2012 at 10:45:18 +0530, J. Bakshi wrote:

> Many many thanks. Based on your clue I get this link
> 
> http://mindref.blogspot.in/2010/04/protect-su-with-pamwheel.html
> 
> This is exactly what I have been looking for long.

Your users A and B are given the root password. Users X and Y are not
so they can only acquire it through A or B. If A is slack in looking
after the root password there is no reason to believe she would be any
more careful in guarding the password for her own account. X can now
add himself to the wheel group,

Y is actually well ahead of you. She knew about pam_wheel and has set
it up to su without a password. She has also devised a way of hiding
what she has done from you.

Reply to:

References:
- How to restrict normal ssh user to become root ?
  - From: "J. Bakshi" <bakshi12@gmail.com>
- Re: How to restrict normal ssh user to become root ?
  - From: Armin Haas <armin@awawa.de>
- Re: How to restrict normal ssh user to become root ?
  - From: "J. Bakshi" <bakshi12@gmail.com>

Prev by Date: Re: Laser Printer printing intermittantly, CUPS bug?
Next by Date: Re: learning automake, etc. and being minimalistic
Previous by thread: Re: How to restrict normal ssh user to become root ?
Next by thread: about dual booting freebsd 9 and debian 6.04
Index(es):
- Date
- Thread