disabling root and olpc passwords

Albert Cahalan acahalan at gmail.com
Sun Jan 13 01:39:47 EST 2008


Bernardo Innocenti writes:

> What we're actually doing is just to disable them in the
> default installation so that malicious activities cannot
> log in as root or olpc and basically own the system.

This is NOT needed at all.

I wrote and tested an /etc/pam.d/su modification that will
prohibit all non-wheel users from getting su to work.

Somebody else pointed out the simple /bin/su permissions
that would do the exact same thing.

Apply both if you wish, but either alone will do nicely.
There are other ways too, like SE Linux.

For the PAM solution, the top 3 lines of the file should be:

#%PAM-1.0
auth  sufficient  pam_rootok.so
auth  required    pam_succeed_if.so use_uid user ingroup wheel


