Can adding users be disabled.
mark
m.roth at 5-cent.us
Tue Feb 9 16:47:14 UTC 2010
Marti, Robert wrote:
> The question needs to be asked - if you can't trust root, who can you
> trust?
>
Or, for that matter, you could just rm /usr/sbin/useradd... but root can
manually create a user with no problem at all... lessee, edit /etc/passwd,
create the home directory, set permissions, add to /etc/groups....
Why do you think you need to keep the root account from creating users?
mark
> Sent from my iPhone
>
> On Feb 9, 2010, at 6:34, "TYURIN Aleksey"
> <Aleksey.TYURIN at raiffeisen.ru> wrote:
>
>> Yes, you can use simple methods: "rm /usr/sbin/useradd" or "chmod a-
>> x /usr/sbin/useradd". But this only disable, but not deny.
>> root-user can copy "useradd" binary file from another server and set
>> execute bit.
>>
>> SELinux can deny operation useradd even for the root-user.
>> Restart the server, in my opinion, is not required. But the need to
>> restart several services and remounting of file systems.
>>
>> Good luck!
>>
>>
>> AT
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
>> bounces at redhat.com] On Behalf Of Rohit khaladkar
>> Sent: Tuesday, February 09, 2010 2:48 PM
>> To: General Red Hat Linux discussion list
>> Subject: Re: Can adding users be disabled.
>>
>> Thanks Dustin! This worked like a charm!
>>
>> Tyurin, I cannot reboot the server right now , so was not able to
>> try the selinux stuff. But I'll try that definitely.
>>
>> Thanks!
>> Rohit Khaladkar.
>>
>> On Tue, Feb 9, 2010 at 4:49 PM, Dustin Larmeir <dustin at larmeir.com>
>> wrote:
>>
>>> You can find the binary and chmod it to 000 and then use chattr -i,
>>> That would stop it. - Dustin
>>>
>>> -----Original Message-----
>>> From: redhat-list-bounces at redhat.com [mailto:
>>> redhat-list-bounces at redhat.com]
>>> On Behalf Of Rohit khaladkar
>>> Sent: Tuesday, February 09, 2010 4:11 AM
>>> To: General Red Hat Linux discussion list
>>> Subject: Can adding users be disabled.
>>>
>>> Hi All,
>>> Can we disable adding users command "useradd" even for the root
>>> user..?
>>>
>>>
>>>
>>> --
>>> Thanks!
>>> Rohit Khaladkar
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>
>>
>> --
>> Thanks!
>> Rohit Khaladkar
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> -----------------------------------
>> This message and any attachment are confidential and may be
>> privileged or otherwise protected from disclosure. If you are not
>> the intended recipient any use, distribution, copying or disclosure
>> is strictly prohibited. If you have
>> received this message in error, please notify the sender immediately
>> either by telephone or by e-mail and delete this message and any
>> attachment from your system. Correspondence via e-mail is for
>> information purposes only.
>> ZAO Raiffeisenbank neither makes nor accepts legally binding
>> statements by e-mail unless otherwise agreed.
>> -----------------------------------
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
The 21st Century Republican Party: "with malice toward all, and charity toward
none."
More information about the redhat-list
mailing list