Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Ok guys.....this should be an interesting one....not sure if it is even possible, but here's the deal:
We have about 30 redhat 9 users networked using NIS......all 30 users have the root password to their linux boxes, which of course is the same password for each box.....is there a way to prevent root from becoming another user, (su username), or at least prompt for a DIFFERENT password once you get to that point......as in almost adding an additional layer of security onto it? Please give me any advice you have on this.....if it's not possible, then I am ok with that, or even if there are other ways of going about it.....it would be much appreciated! Thanks!
.....thanks for your help......iceman......
I'll clean it up for your, so that maybe you could offer me a real suggestion to my issue.
We have about 30 redhat 9 users networked using NIS and all 30 users have the root password to their linux boxes, which of course is the same password for each box.
Is there a way to prevent root from becoming another user, (su username), or at least prompt for a DIFFERENT password once you get to that point; as in adding an additional layer of security onto it?
Please give me any advice you have on this if it's possible. If it is not possible, I would be ok with that, so either way I would appreciate any information one had to offer.
Giving the ClearCaseUsers was just something that was pre-existing when I came into the situation. I had a feeling I was just going to have to change the root password, but I just wanted to confirm there was nothing else I could do, or that there were no more suggestions. Thanks
Actually Proud, thanks for asking that. The real problem is not really the users having root access, but the ability to ssh into a box(which we do allow and that' s ok) and change over to a different user on that box and open a ClearCase View as someone else. It is difficult to track things when you don't know if the user is the one that acutually opened the view! thanks
that's almost the situation that happens. It is more like user X ssh's into a box as root, then su - another user and checks out clearcase views as that user...I understand giving users root access is a security risk, and if that is the only suggestion, then we will change the root on every box. I was just curious if there was another way. Thanks!
You can (and should!) disable root login via ssh. Edit /etc/ssh/sshd_config and set :
PermitRootLogin no
This is true regardless of your problems. See sticky thread at top of this forum.
Also, change the root passwds anyway, thus preventing user's from pretending to be someone else. (via su - )
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.