Hi,

We have 4 root users on one linux system.We wish one root user to prevent access syslog.conf file ? So we manage this by defaut or is it possible to patch kernel by lids or gresec ..etc..

Thankx

An interesting thing since we are dealing with a "root" user is that they will be able to override anything we do.

There are ways to do this with single users but I doubt we can get it done with "root."

Maybe if you defined what you meant by root users... are they all "root" or do they just have rootly powers?

An interesting thing since we are dealing with a "root" user is that they will be able to override anything we do.

Absolutelly true, kind of a interesting thing to do. Kind of like a power user in windows xp, which in my opinion is not a good idea by microsoft. linux uses the keep it simple method while microsoft uses some crazy ass skem with their ownership arch. it is ridiculously complicated and you need a PH. D and a ridiculous amount of time to set ownership in any meanifull way. The most secure skem is a simple one, the more complicated it gets the less secure it gets!

Usually, in a situation like this, you really should be using sudo (to better define access rights and log actions) as well as reconsidering the idea of offering rootly powers to someone you worry about needing to restrict.

If you can't trust these people to behave than you really need to carefully define what they should be doing and permit only those actions in sudo. Of course, you need to keep in mind that many things have "outs" which will allow them to break the sudo thing (if you give them vi they can open a root shell for example).

perhaps one way is to change the group of syslog.conf,chown, and chgrp and only add the 3 roots to it and not the last. Of course you would really have to keep going with that idea as root4 will still have loop holes to change the group of the files back to him back to him. You would really have to think of them all and lock him out, very hard and complicated.