On Sun, Jan 21, 2007 at 10:03:30PM -0500, Jim Hyslop wrote:
> OK, this latest discussion about logging in as root got me thinking. I'm
> fairly new to Linux. Occasionally, when I need to set up something (as
> an example, my recent DNS questions) I will need to edit a config file,
> and restart th
On Mon, Jan 22, 2007 at 07:49:30PM +0100, Johannes Wiedersich wrote:
> Tyler MacDonald wrote:
> > Have you put a password on your bootloader (GRUB, etc) to restrict changing
> > the boot parameters?
> The same applies to the bios. Otherwise someone could just switch off
> the machine, enter a knop
Tyler MacDonald wrote:
> Have you put a password on your bootloader (GRUB, etc) to restrict changing
> the boot parameters?
>
> Otherwise, you can simply edit the boot parameters, and add something like
> "S init=/bin/bash" to the end to drop yourself right into a root shell on
> boot.
The same a
On Monday, 22.01.2007 at 10:39 -0800, Tyler MacDonald wrote:
> Dave Ewart <[EMAIL PROTECTED]> wrote:
> > This is actually what is done, yes.
> >
> > And, in addition, the safe is only accessible to restricted
> > individuals. Having said that, none of the restricted individuals
> > (apart from m
Dave Ewart <[EMAIL PROTECTED]> wrote:
> This is actually what is done, yes.
>
> And, in addition, the safe is only accessible to restricted individuals.
> Having said that, none of the restricted individuals (apart from me)
> would know what to do with the root password anyway ...
>
> All a matte
On Monday, 22.01.2007 at 09:31 -0600, Ron Johnson wrote:
> You might be trustworthy not to walk away from a logged-in console and
> not install stupid stuff, but is he?
Well, the console is in a locked-room and only available to a small
number of people. In the event of my untimely demise, I bel
On Sun, Jan 21, 2007 at 10:31:39PM -0500, Greg Folkert wrote:
> * If the need arises use a method to allow "limited privileges" in
> a granular way. I use "sudo" it allows one to give "user
> creation" without giving the keys to the machine to the person
> or helpdesk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/22/07 09:14, Dave Ewart wrote:
> On Monday, 22.01.2007 at 07:51 -0600, Ron Johnson wrote:
>
>> On 01/22/07 04:07, Dave Ewart wrote:
>>> On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:
>>>
>> [snip]
[snip]
>> The first thing that pops in
On Monday, 22.01.2007 at 09:11 -0500, Roberto C. Sanchez wrote:
> On Mon, Jan 22, 2007 at 10:07:19AM +, Dave Ewart wrote:
> > as root. The system is never used in a non-root context.
> > Therefore, to manage this system I set up no further users other
> > than root, and install my SSH key in
On Monday, 22.01.2007 at 07:51 -0600, Ron Johnson wrote:
> On 01/22/07 04:07, Dave Ewart wrote:
> > On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:
> >
> [snip]
> > The above example flies in the face of the usual advice, but that's
> > because the circumstances are different and possibly
On Mon, Jan 22, 2007 at 10:07:19AM +, Dave Ewart wrote:
> as root. The system is never used in a non-root context. Therefore, to
> manage this system I set up no further users other than root, and
> install my SSH key in root's account, then reconfigure SSHd to allow
> root logins via key onl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/22/07 04:07, Dave Ewart wrote:
> On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:
>
[snip]
> The above example flies in the face of the usual advice, but that's
> because the circumstances are different and possibly rather extreme. I
> d
Ron Johnson writes:
> Are there any auditing packages, which record every program
> registered in the audit system, for every user registered in the
> audit system?
Package: acct
Priority: optional
Section: admin
Installed-Size: 368
Maintainer: Daniel Baumann <[EMAIL PROTECTED]>
Architecture: i386
On Sunday, 21.01.2007 at 22:03 -0500, Jim Hyslop wrote:
> OK, this latest discussion about logging in as root got me thinking.
> I'm fairly new to Linux. Occasionally, when I need to set up something
> (as an example, my recent DNS questions) I will need to edit a config
> file, and restart the da
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/21/07 21:31, Greg Folkert wrote:
> On Sun, 2007-01-21 at 22:03 -0500, Jim Hyslop wrote:
>>
[snip]
> It is really all about accountability or being able to track who
> did what when. To track problems caused by administration errors,
> or to trac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/21/07 21:03, Jim Hyslop wrote:
> OK, this latest discussion about logging in as root got me thinking. I'm
> fairly new to Linux. Occasionally, when I need to set up something (as
> an example, my recent DNS questions) I will need to edit a confi
On Sun, 2007-01-21 at 22:03 -0500, Jim Hyslop wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> OK, this latest discussion about logging in as root got me thinking. I'm
> fairly new to Linux. Occasionally, when I need to set up something (as
> an example, my recent DNS questions) I wil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Roberto C. Sanchez wrote:
>
> You want sudo.
Ah, very nice - thanks for the tip.
- --
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in
C/C++ * OOD * SW Devel
On Sun, Jan 21, 2007 at 10:03:30PM -0500, Jim Hyslop wrote:
> OK, this latest discussion about logging in as root got me thinking. I'm
> fairly new to Linux. Occasionally, when I need to set up something (as
> an example, my recent DNS questions) I will need to edit a config file,
> and restart th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OK, this latest discussion about logging in as root got me thinking. I'm
fairly new to Linux. Occasionally, when I need to set up something (as
an example, my recent DNS questions) I will need to edit a config file,
and restart the daemon. I usually s
20 matches
Mail list logo
