On Sat, Nov 14, 2009 at 2:01 AM, Joshua Murphy <poisonbl@×××××.com> wrote:
> On Fri, Nov 13, 2009 at 7:24 PM, Mick <michaelkintzios@×××××.com> wrote:
>> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
>>> On Thu, 2009-11-12 at 22:18 +0000, Mick wrote:
>>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
>>> > > Gdm itself has a config option to disallow root logins
>>> >
>>> > Ahh, unfortunately I can only access it remotely via ssh at this stage.
>>> > Hopefully the pam method will work fine.
>>>
>>> You don't need anything more to configure gdm than ssh access - this is
>>> Linux after all & a good program has text based configurations :)
>>>
>>> Edit /etc/X11/gdm/custom.conf
>>>
>>> In the section [security] add:
>>> AllowRoot=false
>>
>> Thanks for this! :-)
>>
>>> You may then have to restart xdm.
>>>
>>> However, if someone has the root password to log in to X, then what's to
>>> stop them changing anything you do now?
>>
>> Know how?
>> --
>> Regards,
>> Mick
>
> Approach security a little more sanely and don't give untrusted users
> root access? If you have to take steps to restrict the root account,
> you need to rethink who has use of it. Preventing damage in the event
> that the system *does* get compromised is one thing, but trying to
> control someone who is *given* access to root on the software side is
> the wrong approach, in my incredibly non-humble opinion.
>
> --
> Poison [BLX]
> Joshua M. Murphy

And, a quick note on the case that the intent is to prevent the level
of damage in the event of a compromised root account, give this a
quick read over and google any terms you're not certain of the meaning
of:

Linux.com :: Securing Linux with Mandatory Access Controls
http://www.linux.com/archive/feature/113941

--
Poison [BLX]
Joshua M. Murphy
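
The gdm edit quoted earlier in the thread (AllowRoot=false under [security]), as an added example that is not part of the original messages: two shell functions that report the current setting and apply the change from an ssh session. The function names are hypothetical, and the code assumes an INI-style file in which the last assignment of a key within a section is the effective one.

```shell
# Added example; function names are hypothetical. Assumes an INI-style file.
# Print the AllowRoot value set under [security] in FILE, or "unset".
gdm_allowroot() {
    awk '
        /^[ \t]*[#;]/ { next }                          # skip comment lines
        /^[ \t]*\[/   { sec = $0                        # track current section
                        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        sec == "security" && /^[ \t]*AllowRoot[ \t]*=/ {
                        val = $0; found = 1             # assumed: last one wins
                        sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val) }
        END           { print (found ? val : "unset") }
    ' "$1"
}

# Rewrite FILE so that [security] carries exactly one AllowRoot=false line.
# Every other line, including comments, is kept as it was.
gdm_disable_root() {
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*\[/ { sec = $0
                      sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
                      print
                      if (sec == "security" && !done) { print "AllowRoot=false"; done = 1 }
                      next }
        sec == "security" && /^[ \t]*AllowRoot[ \t]*=/ { next }   # drop old value
        { print }
        END { if (!done) { print "[security]"; print "AllowRoot=false" } }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"    # cat keeps the file owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run as root, `gdm_disable_root /etc/X11/gdm/custom.conf` applies the change and `gdm_allowroot` on the same file should then print `false`. An AllowRoot line sitting in any other section is ignored by both functions, since only the [security] section is named in the thread.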