Re: RedHat security

From: Rex Dieter (rdieter@unl.edu)
Date: 06/14/02


From: Rex Dieter <rdieter@unl.edu>
Date: Fri, 14 Jun 2002 06:40:57 -0500

Yuan Liu wrote:

> Nearly every time I set up a RedHat distribution (starting from 6.0)
> anywhere, I find myself asking the same questions. That's why I don't
> usually dare to install RH if it's my own system. Generally I'm quite
> confused about its philosophy. Hope someone can shed a light on these.
>
> 1. If someone is physically at the console, he gets total control.
> - No logon for single user stage. I know several commercial Unices (or

Not true if you enable password protection with the grub bootloader.

> - Anyone, any user can reboot the system.

Then configure this via /etc/shutdown.allow.

>
> 2. Anyone can mount/umount a floppy or CD by default. Shouldn't the
> default be not able to, then allow the admin to grant privilege? And
> what's wrong with keeping it tight with sudo and stuff?
 
Most users USED to complain that ONLY root could mount things, so now Red Hat
defaults to adding the 'owner' attribute to removable media in /etc/fstab.
If you don't like that, remove 'owner'.

> 3. Anyone can run, sigh, even grub. Does this scare someone other than
> myself?

They can run it, but cannot do anything or write to the bootsector... so
this is harmless.

-- 
Rex A. Dieter                   rdieter@unl.edu 
Computer System Administrator   http://www.math.unl.edu/~rdieter/
Mathematics and Statistics               
University of Nebraska Lincoln
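
The three settings named in the reply above can be checked with a short script. This is an added example, not part of the original message: the function names are hypothetical, the sample files are constructed, and it assumes the GRUB legacy grub.conf format and a sysvinit /etc/inittab, where shutdown only consults /etc/shutdown.allow when it is invoked with -a.

```shell
#!/bin/sh
# Added example. File contents written by make_samples are constructed.

# List fstab entries a non-root user may mount: "<mountpoint> <option>".
fstab_user_mountable() {
    awk '/^[ \t]*#/ || NF < 4 { next }
         { n = split($4, o, ",")
           for (i = 1; i <= n; i++)
               if (o[i] == "owner" || o[i] == "user" || o[i] == "users")
                   print $2, o[i] }' "$1"
}

# Succeed if grub.conf has a password line in the global section
# (before the first "title"), which is what locks interactive editing.
grub_has_password() {
    awk '/^[ \t]*title([ \t]|$)/ { exit }
         /^[ \t]*password([ \t]|$)/ { found = 1; exit }
         END { exit !found }' "$1"
}

# Succeed if the inittab ctrlaltdel entry runs shutdown with -a, the flag
# that makes shutdown consult /etc/shutdown.allow (sysvinit assumption).
ctrlaltdel_uses_allow() {
    awk -F: '$1 !~ /^#/ && $3 == "ctrlaltdel" {
                 n = split($4, w, " ")
                 for (i = 2; i <= n; i++) if (w[i] == "-a") ok = 1 }
             END { exit !ok }' "$1"
}

# Constructed sample files resembling a default install of that era.
make_samples() {
    printf '%s\n' \
        '/dev/hda1   /            ext3    defaults               1 1' \
        '/dev/cdrom  /mnt/cdrom   iso9660 noauto,owner,kudzu,ro  0 0' \
        '/dev/fd0    /mnt/floppy  auto    noauto,owner,kudzu     0 0' > "$1/fstab"
    printf '%s\n' 'default=0' 'timeout=10' \
        'title Linux' '    root (hd0,0)' > "$1/grub.conf"
    printf '%s\n' 'id:3:initdefault:' \
        'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$1/inittab"
}

d=$(mktemp -d) && make_samples "$d"
fstab_user_mountable "$d/fstab"
grub_has_password "$d/grub.conf" || echo "grub.conf: no global password"
ctrlaltdel_uses_allow "$d/inittab" || echo "inittab: ctrlaltdel ignores shutdown.allow"
rm -rf "$d"
```

To audit a live system, pass /etc/fstab, the GRUB configuration file and /etc/inittab to the three functions in place of the sample files.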