On Sunday 15 November 2009 14:47:14 Stroller wrote:
> > I find the root password in a sealed envelope in the safe is the ideal
> > insurance for that.
>
> Totally agree.
>
> My biggest customer, unfortunately, has taken on a large investment of
> capital recently, resulting in a new director wh
On Sun, 15 Nov 2009 12:52:41 +0200, Alan McKinnon wrote:
> > Why not use sudo to give the customer's account almost full root
> > access? Not only does this allow you to restrict which damaging
> > commands he can run but sudo logs each command it runs, so you have
> > CYA insurance.
>
> Double
On 15 Nov 2009, at 08:26, Alan McKinnon wrote:
...
My typical experience is that the customer will take it completely on
the chin and pay me to fix the problems. That doesn't make foul-ups
due to such unnecessary meddling any less frustrating, though.
My experience has been completely the oppo
On Sunday 15 November 2009 10:52:51 Neil Bothwick wrote:
> On Sun, 15 Nov 2009 05:15:43 +, Stroller wrote:
> > > So when he fucks things up good royal and proper, will he gladly
> > > accept his
> > > shafting and pay you more to undo it? Or will he do the usual
> > > customer stunt
> > > and b
On Sun, 15 Nov 2009 05:15:43 +, Stroller wrote:
> > So when he fucks things up good royal and proper, will he gladly
> > accept his
> > shafting and pay you more to undo it? Or will he do the usual
> > customer stunt
> > and blame you?
>
> My typical experience is that the customer will
On Sunday 15 November 2009 07:15:43 Stroller wrote:
> On 14 Nov 2009, at 20:46, Alan McKinnon wrote:
> >> ...
> >> You are right of course, but in this particular case the guy who pays
> >> wants to have root access.
> >
> > And you agreed to work like that?
> >
> > So when he fucks things up good
Stroller wrote:
On 14 Nov 2009, at 20:46, Alan McKinnon wrote:
...
You are right of course, but in this particular case the guy who pays
wants to have root access.
And you agreed to work like that?
So when he fucks things up good royal and proper, will he gladly
accept his
shafting and pay
On 14 Nov 2009, at 20:46, Alan McKinnon wrote:
...
You are right of course, but in this particular case the guy who pays
wants to have root access.
And you agreed to work like that?
So when he fucks things up good royal and proper, will he gladly
accept his
shafting and pay you more to und
On Saturday 14 November 2009 21:32:39 Mick wrote:
> > Approach security a little more sanely and don't give untrusted users
> > root access? If you have to take steps to restrict the root account,
> > you need to rethink who has use of it. Preventing damage in the event
> > that the system does get
On Saturday 14 November 2009 07:01:19 Joshua Murphy wrote:
> On Fri, Nov 13, 2009 at 7:24 PM, Mick wrote:
> > On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
> >> On Thu, 2009-11-12 at 22:18 +, Mick wrote:
> >> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
> >> > > Gd
On Sat, Nov 14, 2009 at 2:01 AM, Joshua Murphy wrote:
> On Fri, Nov 13, 2009 at 7:24 PM, Mick wrote:
>> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
>>> On Thu, 2009-11-12 at 22:18 +, Mick wrote:
>>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
>>> > > Gdm itself
On Fri, Nov 13, 2009 at 7:24 PM, Mick wrote:
> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
>> On Thu, 2009-11-12 at 22:18 +, Mick wrote:
>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
>> > > Gdm itself has a config option to disallow root logins
>> >
>> > Ahh, u
On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
> On Thu, 2009-11-12 at 22:18 +, Mick wrote:
> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
> > > Gdm itself has a config option to disallow root logins
> >
> > Ahh, unfortunately I can only access it remotely via ssh at
On Thu, Nov 12, 2009 at 3:46 PM, Mick wrote:
> On Thursday 12 November 2009 21:34:24 Paul Hartman wrote:
>> On Thu, Nov 12, 2009 at 2:01 PM, Mick wrote:
>> > I should know how to do this ...
>> >
>> > It isn't as simple as commenting out vc7 in /etc/securetty, right? The
>> > persistent offender
On Fri, 13 Nov 2009 00:08:18 +0100, Iain Buchanan
wrote:
However, if someone has the root password to log in to X, then what's to
stop them changing anything you do now?
I've been wondering about the very same thing... Perhaps it's just to only
have a root shell and not an entire DE runn
On Thu, 2009-11-12 at 22:18 +, Mick wrote:
> On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
> > Gdm itself has a config option to disallow root logins
>
> Ahh, unfortunately I can only access it remotely via ssh at this stage.
> Hopefully the pam method will work fine.
You don't
On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
> Gdm itself has a config option to disallow root logins
Ahh, unfortunately I can only access it remotely via ssh at this stage.
Hopefully the pam method will work fine.
Thanks again.
--
Regards,
Mick
signature.asc
Description: This
On Thursday 12 November 2009 21:56:00 Alan McKinnon wrote:
> On Thursday 12 November 2009 23:46:27 Mick wrote:
> > On Thursday 12 November 2009 21:34:24 Paul Hartman wrote:
> > > On Thu, Nov 12, 2009 at 2:01 PM, Mick wrote:
> > > > I should know how to do this ...
> > > >
> > > > It isn't as simpl
Gdm itself has a config option to disallow root logins
On Nov 12, 2009 10:02 PM, "Mick" wrote:
I should know how to do this ...
It isn't as simple as commenting out vc7 in /etc/securetty, right? The
persistent offenders would try to start another X session on a different vc.
Is there a trick
On Thursday 12 November 2009 23:46:27 Mick wrote:
> On Thursday 12 November 2009 21:34:24 Paul Hartman wrote:
> > On Thu, Nov 12, 2009 at 2:01 PM, Mick wrote:
> > > I should know how to do this ...
> > >
> > > It isn't as simple as commenting out vc7 in /etc/securetty, right? The
> > > persistent
On Thursday 12 November 2009 21:34:24 Paul Hartman wrote:
> On Thu, Nov 12, 2009 at 2:01 PM, Mick wrote:
> > I should know how to do this ...
> >
> > It isn't as simple as commenting out vc7 in /etc/securetty, right? The
> > persistent offenders would try to start another X session on a different
On Thu, Nov 12, 2009 at 2:01 PM, Mick wrote:
> I should know how to do this ...
>
> It isn't as simple as commenting out vc7 in /etc/securetty, right? The
> persistent offenders would try to start another X session on a different vc.
>
> Is there a trick I could add in /etc/pam.d/login or one of
Am Donnerstag 12 November 2009 21:56:48 schrieb Mick:
> Thanks, but the box in question is running Gnome.
So what? Nothing stops you from starting a gnome session via kdm.
Bye...
Dirk
signature.asc
Description: This is a digitally signed message part.
On Thursday 12 November 2009 20:39:41 Dirk Heinrichs wrote:
> Am Donnerstag 12 November 2009 21:01:45 schrieb Mick:
> > Is there a trick I could add in /etc/pam.d/login or one of the
> > /etc/pam.d/gdm* files perhaps?
>
> Use kdm and set "AllowRootLogin=false" in /usr/share/config/kdm/kdmrc.
Tha
Am Donnerstag 12 November 2009 21:01:45 schrieb Mick:
> Is there a trick I could add in /etc/pam.d/login or one of the
> /etc/pam.d/gdm* files perhaps?
Use kdm and set "AllowRootLogin=false" in /usr/share/config/kdm/kdmrc.
HTH...
Dirk
signature.asc
Description: This is a digitally si
I should know how to do this ...
It isn't as simple as commenting out vc7 in /etc/securetty, right? The
persistent offenders would try to start another X session on a different vc.
Is there a trick I could add in /etc/pam.d/login or one of the /etc/pam.d/gdm*
files perhaps?
--
Regards,
Mick
26 matches
Mail list logo
