Computer Hope

Software => BSD, Linux, and Unix => Topic started by: sun_os on January 26, 2012, 05:52:09 AM

Title: How to avoid overwrite the passwd and shadow file
Post by: sun_os on January 26, 2012, 05:52:09 AM

Dear All,

I have no idea to do so the below questions:

1. I add the users and set the password. But I want to avoid someone to overwrite the shadow when log on as root .
2. The users telnet the server, browser the directory. But the telnet connect is time out. What is the first thing I need to check? 

Thanks

Title: Re: How to avoid overwrite the passwd and shadow file
Post by: Rob Pomeroy on January 30, 2012, 06:11:46 AM

Quote from: sun_os on January 26, 2012, 05:52:09 AM

I want to avoid someone to overwrite the shadow when log on as root

You can't.  root is omnipotent, by definition.

Title: Re: How to avoid overwrite the passwd and shadow file
Post by: sun_os on January 31, 2012, 05:20:41 AM

Oh! I want to aviod two root users to edit the /etc/passwd , I don't want to set the acl to complicate the permission on the file. ???

Title: Re: How to avoid overwrite the passwd and shadow file
Post by: Rob Pomeroy on January 31, 2012, 06:33:53 AM

I think your best bet is going to be to set up other administrative users and maybe even prevent root from logging on (other than at the console?).  I assume you're thinking of SELinux's capabilities - there are some good walkthroughs >here< (http://selinux-mac.blogspot.com/2009/06/selinux-lockdown-part-one-confined.html).