Multiple Root ID's considered evil?

Rusty Carruth rusty at cadnetix.COM
Wed Sep 20 08:31:21 AEST 1989


In article <3812 at helios.ee.lbl.gov> envbvs at epb2.lbl.gov (Brian V. Smith) writes:
>< >... preferring people to log in as 
>< >themselves and su.
>
>< What's the diff?
>
>That way you have an audit trail of people who have su'ed,
>either in /var/log/authlog (SunOs4.0) or /usr/adm/sulog (Ultrix X.X).
>
>Brian V. Smith    (bvsmith at lbl.gov)


However, I would like to remind you that, should someone become root
who wishes to hide that fact, and should /var/log/authlog be someplace
that the root-ed person can touch... well, let's just say that your
log means nothing in this case, since root can go edit that file
and remove the entries.  Or even change them to reference someone
else rather than themselves.

Nope, sorry, but once someone becomes root the logs mean nothing
if that person knows where they are (and how to change them).

I could tell you a long story about this as it relates to the
Univac 1100 series, but then this is 
	comp.UNIX.wizards....
	     ^^^^


---------- 
Rusty Carruth  UUCP:{uunet,boulder}!cadnetix!rusty  DOMAIN: rusty at cadnetix.com
Daisy/Cadnetix Corp. (303) 444-8075\  5775 Flatiron Pkwy. \ Boulder, Co 80301
Radio: N7IKQ    'home': P.O.B. 461 \  Lafayette, CO 80026


