Re: Zonealarm

From: Michael Zawrotny (zawrotny_at_jaguar.sb.fsu.edu)
Date: 06/10/05


Date: 10 Jun 2005 13:22:54 GMT

On Fri, 10 Jun 2005 07:36:53 GMT, Jacco <jacco425@hotmail.com> wrote:
>
> How things stand now its necessary for me to provide the root
> password if users want to modify their own systems. Given they are
> the customers I cannot really deny this.

Take a look into sudo. It was designed to allow administrators to
allow limited root privileges for selected commands and/or users (and
combinations thereof). To really lock down what people can do will
take more reading and work (not allowing programs with shell escapes,
etc.), but there is a lot of information out there on how to do that
if it is worthwhile for you to do so.

> Anyway if I refuse to give it to them they will just reboot into
> maintenance mode and change it and then do what they like possibly
> causing more damage.

Then you make sure that the terms of your contract with them clearly
state that fixing problems that they make by circumventing their user
accounts is outside of the contracted work, and will result in
additional charges.

Mike

-- 
Michael Zawrotny
Institute of Molecular Biophysics
Florida State University                | email:  zawrotny@sb.fsu.edu
Tallahassee, FL 32306-4380              | phone:  (850) 644-0069


Relevant Pages

  • Re: getaffinity/setaffinity and cpu sets.
    ... The notion would be that you can create a new numbered cpuset with cpuset. ... You can modify or inspect its affinity with get/setaffinity above and the CPU_WHICH_SET argument. ... This set would not be modifiable by user processes or by processes in a jail. ... Another option would be to expel the offending thread from the set that is in violation and reparent it to the real system root along with a syslog message or similar. ...
    (freebsd-arch)
  • Re: NIS with local root
    ... Yes - root can still su to the user and then modify the files using the ... Our liability is limited to ... re-supplying any affected attachments. ...
    (Focus-Linux)
  • Re: [SOLVED] /dev/fd0 problem
    ... when tired and working as root. ... After finding out about the 'fdmount' command, and, once run I was given ... I did some more reading and discovered that '/MAKEDEV fd0' should ...
    (Debian-User)
  • Re: Speed of file opening in 8.4.3 vs 8.3.4
    ... The total cost of opening a file, reading the first line and closing it is about ... # $prefix is parent directory of test, ... # $root is private root directory for test data, ... set start [clock seconds] ...
    (comp.lang.tcl)
  • Re: System reboot triggered by just reading a device file....!?
    ... "be careful if you are root" was what i got. ... anyway - it cost me some time to find a bug which was none and the only mistake i did was using a tool for which i was sure did nothing more than reading. ... Such a tool shouldn't need to open any files, whether they're device files or not. ...
    (Linux-Kernel)