Re: Multiple login accounts with root privileges

["li bo" <libo.swust () gmail com>]

Hi, Jason
Just a suggestion. Try SULinux on the occasion that you have to permit
root account to do some operation but you want to restrict other
operations. See the documents here:
http://fedoraproject.org/wiki/SELinux
http://www.nsa.gov/selinux/

Good luck
Bo

On 08/04/2008, Jason <securitux () gmail com> wrote:
> Definitely need to be restricted. In addition to what others have
>  said, if tight control is desired, most administrative functions can
>  be covered by granting permissions to run certain commands as root by
>  using sudo. You can be quite granular with sudo, and it allows you to
>  keep an audit trail of who issued what commands.
>
>  I am not sure why you'd have 'Administrator' on the UNIX box, unless
>  there's some type of pass through authentication that an administrator
>  on a Windows box is using to access a samba share on that client or
>  vice versa.
>
>  May also be a Windows administrator that wanted that generic Windows
>  account name to be used on the UNIX box as well to make life easier
>  for someone or for a scripted or batch job.
>
>
>  -J
>
>
>  On Mon, Apr 7, 2008 at 12:51 AM, ganesh mahadevan
>  <ganesh.was.mahadevan () gmail com> wrote:
>  > Hi,
>  >
>  >  I was testing a thin client box and found that I could login as Root,
>  >  Administrator and Admin (all with the same password).  whoami
>  >  indicated 'root' in all three cases.  Is this some sort of aliasing
>  >  going on? I may not be entirely correct on this but shouldn't the
>  >  number of users with root privileges be restricted?  What is your
>  >  advice on this issue?
>  >
>  >  Thanks in advance.
>  >
>  >  Ganesh
>  >


-- 
No pains,no gains.