Can adding users be disabled.

Rohit khaladkar rohit.khaladkar at gmail.com
Tue Feb 9 17:28:09 UTC 2010 

Hi!
I asked this question because there is a customer who has implemented this
rule (I know sounds weird and I do not know the reason) and I wanted to
reproduce the same setup

Thanks all for the inputs!

Helped me a great deal!

Thanks!
Rohit Khaladkar

On Tue, Feb 9, 2010 at 10:17 PM, mark <m.roth at 5-cent.us> wrote:

> Marti, Robert wrote:
>
>> The question needs to be asked - if you can't trust root, who can you
>>  trust?
>>
>>  Or, for that matter, you could just rm /usr/sbin/useradd... but root can
> manually create a user with no problem at all... lessee, edit /etc/passwd,
> create the home directory, set permissions, add to /etc/groups....
>
> Why do you think you need to keep the root account from creating users?
>
>        mark
>
>  Sent from my iPhone
>>
>> On Feb 9, 2010, at 6:34, "TYURIN Aleksey"  <Aleksey.TYURIN at raiffeisen.ru>
>> wrote:
>>
>>  Yes, you can use simple methods: "rm /usr/sbin/useradd" or "chmod a- x
>>> /usr/sbin/useradd". But this only disable, but not deny.
>>> root-user can copy "useradd" binary file from another server and set
>>>  execute bit.
>>>
>>> SELinux can deny operation useradd even for the root-user.
>>> Restart the server, in my opinion, is not required. But the need to
>>>  restart several services and remounting of file systems.
>>>
>>> Good luck!
>>>
>>>
>>> AT
>>>
>>> -----Original Message-----
>>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
>>> bounces at redhat.com] On Behalf Of Rohit khaladkar
>>> Sent: Tuesday, February 09, 2010 2:48 PM
>>> To: General Red Hat Linux discussion list
>>> Subject: Re: Can adding users be disabled.
>>>
>>> Thanks Dustin! This worked like a charm!
>>>
>>> Tyurin, I cannot reboot the server right now , so was not able to  try
>>> the selinux stuff. But I'll try that definitely.
>>>
>>> Thanks!
>>> Rohit Khaladkar.
>>>
>>> On Tue, Feb 9, 2010 at 4:49 PM, Dustin Larmeir <dustin at larmeir.com>
>>>  wrote:
>>>
>>>  You can find the binary and chmod it to 000 and then use chattr -i,
>>>> That would stop it. - Dustin
>>>>
>>>> -----Original Message-----
>>>> From: redhat-list-bounces at redhat.com [mailto:
>>>> redhat-list-bounces at redhat.com]
>>>> On Behalf Of Rohit khaladkar
>>>> Sent: Tuesday, February 09, 2010 4:11 AM
>>>> To: General Red Hat Linux discussion list
>>>> Subject: Can adding users be disabled.
>>>>
>>>> Hi All,
>>>> Can we disable adding users command "useradd" even for the root  user..?
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks!
>>>> Rohit Khaladkar
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>>
>>>
>>> --
>>> Thanks!
>>> Rohit Khaladkar
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> -----------------------------------
>>> This message and any attachment are confidential and may be  privileged
>>> or otherwise protected from disclosure.  If you are not  the intended
>>> recipient any use, distribution, copying or disclosure  is strictly
>>> prohibited. If you have
>>> received this message in error, please notify the sender immediately
>>>  either by telephone or by e-mail and delete  this message and any
>>>  attachment from your system. Correspondence via e-mail is for  information
>>> purposes only.
>>> ZAO Raiffeisenbank neither makes nor accepts legally binding  statements
>>> by e-mail unless otherwise agreed.
>>> -----------------------------------
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>
>>
>
> --
> The 21st Century Republican Party: "with malice toward all, and charity
> toward none."
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



-- 
Thanks!
Rohit Khaladkar

More information about the redhat-list mailing list