Can adding users be disabled.

TYURIN Aleksey Aleksey.TYURIN at raiffeisen.ru
Tue Feb 9 13:54:12 UTC 2010


Hi,

You can read the ideology of SELinux and the reasons for the existence of this technology.
I'm afraid that we're going beyond the topic.

I will say the main thing - this technology is quite popular.

Sometimes (rarely) the policy restricts the company's system administrator and has a security administrator.
The same situation with database management systems in the past 6 years.

In any case, the question the author's theme is the answer - SELinux. Even if the technology is controversial.
The technical solution instead the holy war of idealogy :)

Good Luck!

AT

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Marti, Robert
Sent: Tuesday, February 09, 2010 3:38 PM
To: General Red Hat Linux discussion list
Subject: Re: Can adding users be disabled.

The question needs to be asked - if you can't trust root, who can you trust?

Sent from my iPhone

On Feb 9, 2010, at 6:34, "TYURIN Aleksey"
<Aleksey.TYURIN at raiffeisen.ru> wrote:

> Yes, you can use simple methods: "rm /usr/sbin/useradd" or "chmod a- x
> /usr/sbin/useradd". But this only disable, but not deny.
> root-user can copy "useradd" binary file from another server and set
> execute bit.
>
> SELinux can deny operation useradd even for the root-user.
> Restart the server, in my opinion, is not required. But the need to
> restart several services and remounting of file systems.
>
> Good luck!
>
>
> AT
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Rohit khaladkar
> Sent: Tuesday, February 09, 2010 2:48 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Can adding users be disabled.
>
> Thanks Dustin! This worked like a charm!
>
> Tyurin, I cannot reboot the server right now , so was not able to try
> the selinux stuff. But I'll try that definitely.
>
> Thanks!
> Rohit Khaladkar.
>
> On Tue, Feb 9, 2010 at 4:49 PM, Dustin Larmeir <dustin at larmeir.com>
> wrote:
>
>> You can find the binary and chmod it to 000 and then use chattr -i,
>> That would stop it. - Dustin
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com [mailto:
>> redhat-list-bounces at redhat.com]
>> On Behalf Of Rohit khaladkar
>> Sent: Tuesday, February 09, 2010 4:11 AM
>> To: General Red Hat Linux discussion list
>> Subject: Can adding users be disabled.
>>
>> Hi All,
>> Can we disable adding users command "useradd" even for the root
>> user..?
>>
>>
>>
>> --
>> Thanks!
>> Rohit Khaladkar
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
> Thanks!
> Rohit Khaladkar
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> -----------------------------------
> This message and any attachment are confidential and may be privileged
> or otherwise protected from disclosure.  If you are not the intended
> recipient any use, distribution, copying or disclosure is strictly
> prohibited. If you have received this message in error, please notify
> the sender immediately either by telephone or by e-mail and delete
> this message and any attachment from your system. Correspondence via
> e-mail is for information purposes only.
> ZAO Raiffeisenbank neither makes nor accepts legally binding
> statements by e-mail unless otherwise agreed.
> -----------------------------------
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-----------------------------------
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure.  If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have
received this message in error, please notify the sender immediately either by telephone or by e-mail and delete  this message and any attachment from your system. Correspondence via e-mail is for information purposes only.
 ZAO Raiffeisenbank neither makes nor accepts legally binding statements by e-mail unless otherwise agreed.
-----------------------------------




More information about the redhat-list mailing list