user with root priviledge
William Hooper
whooperhsd3 at earthlink.net
Mon Apr 19 17:32:53 UTC 2004
Keven Ring said:
> *IF* one performs an "su -" from the prompt, there is a log of who
> logged in as root [will be one of john, bill, or sam]. *IF* one
> remotely logs in as root, then where they came from is logged [and by
> looking at who was logged on, could inform you which of john, bill, or
> same performed the dirty work].
Doesn't help if multiple users are logged and have ran "su -". You only
get a log saying that they have ran su, not what commands they have
executed as root.
> OTOH, if rm -rf / is executed, as root, this will wipe the hard drive,
> including logs.....
That's why syslogd has a network logging function.
> [Note, I have performed this on a running system *on purpose* [it was
> going to be re-imaged anyway]].
>
> Note, also, that NFS mounts and such often require root password
> priviledges. So, if john, bill, and sam all know root password, then
> you are setting yourself up for some bad situations.
Which is why automounting is usually set up.
--
William Hooper
More information about the fedora-list
mailing list