user with root priviledge

William Hooper whooperhsd3 at earthlink.net
Mon Apr 19 17:32:53 UTC 2004


Keven Ring said:
> *IF* one performs an "su -" from the prompt, there is a log of who
> logged in as root [will be one of john, bill, or sam].  *IF* one
> remotely logs in as root, then where they came from is logged [and by
> looking at who was logged on, could inform you which of john, bill, or
> same performed the dirty work].

Doesn't help if multiple users are logged and have ran "su -".  You only
get a log saying that they have ran su, not what commands they have
executed as root.

> OTOH, if rm -rf / is executed, as root, this will wipe the hard drive,
> including logs.....

That's why syslogd has a network logging function.

> [Note, I have performed this on a running system *on purpose* [it was
> going to be re-imaged anyway]].
>
> Note, also, that NFS mounts and such often require root password
> priviledges.  So, if john, bill, and sam all know root password, then
> you are setting yourself up for some bad situations.

Which is why automounting is usually set up.

-- 
William Hooper





More information about the fedora-list mailing list