Jump to content

In need of real help with pop3


Albus
 Share

Recommended Posts

it dpends on how restrictive you want it.

 

telling me you dont want them to su, doesnt tell much. you can do that by taking it out of the bash profile, but then if they know the absolute path, they'll be able to bypass it. the su, is one you may not (and is not advisable) be able to get rid of. the best course of action is to take it out of your bash profile.

 

by changing permissions on su, which is a file, you risk not being able to access it at all. you could chown it, but then that has its own problems.

 

generally you dont mess with su, except by taking it out of the bash profile. since you can have the password on the root account expire after a set amount of time, and since the password is shaddowed, only someone who knows the root password can gain su/root priveledges.

Link to comment
Share on other sites

  • Replies 33
  • Created
  • Last Reply

Top Posters In This Topic

More specific then:

 

When you install Mandrake, assuming you choose "Higher" as the security level, when you are faced with the "regular user" creation part of the setup program, there are additional options listed under the main items. These items are checkboxes and for each enabled, the user gains execute rights for that item. One such item is the "su" command. Left unchecked, the user would see "command not found" if they typed "su" at the shell.

 

The Question:

 

When you check that box, what files/settings does Mandrake change?

Link to comment
Share on other sites

i havent used mandrake in over a year. i couldnt tell you exactly. you can however, experiment with this on your own, and then poke arround and see what changed.

 

btw, i use suse.

Link to comment
Share on other sites

I found the answer locate at the following link:

 

http://hills.ccsf.cc.ca.us/~ckan04/project.shtml

 

The snippet in question reads:

 

Therefore we should limit the people allowed to "su" to the root account by editing the

"su" file (/etc/pam.d/su) with the following two lines to the top of the file:

auth sufficient /lib/security/pam_rootok.so debug

auth required /lib/security/pam_wheel.so group=wheel

This means only those belongs to the "wheel" group can "su" to root. You may add users to this group so

that they may use the "su" command. To make it more secure, you may restrict root to login on specific

TTY devices. The following command is to add user to the "wheel" group :

#usermod -G10 admin

(This means to add "admin" to the wheel group ("10" is the numeric user id of "wheel") and "admin" is the

user that belongs to a supplementary group "G".)

 

Conclusion:

 

The same practice can be used to limit access to a variety of other system utilities. Thanks for your patience linux_learner. I hope this information aides others in setting up thier systems more securely. The entire linked page is worth reading. It both explains things and gives exampels.

 

:)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share


×
×
  • Create New...