| 1 |
On Sat, Nov 14, 2009 at 2:01 AM, Joshua Murphy <poisonbl@×××××.com> wrote: |
| 2 |
> On Fri, Nov 13, 2009 at 7:24 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 3 |
>> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote: |
| 4 |
>>> On Thu, 2009-11-12 at 22:18 +0000, Mick wrote: |
| 5 |
>>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote: |
| 6 |
>>> > > Gdm itself has a config option to disallow root logins |
| 7 |
>>> > |
| 8 |
>>> > Ahh, unfortunately I can only access it remotely via ssh at this stage. |
| 9 |
>>> > Hopefully the pam method will work fine. |
| 10 |
>>> |
| 11 |
>>> You don't need anything more to configure gdm than ssh access - this is |
| 12 |
>>> Linux after all & a good program has text based configurations :) |
| 13 |
>>> |
| 14 |
>>> Edit /etc/X11/gdm/custom.conf |
| 15 |
>>> |
| 16 |
>>> In the section [security] add: |
| 17 |
>>> AllowRoot=false |
| 18 |
>> |
| 19 |
>> Thanks for this! :-) |
| 20 |
>> |
| 21 |
>>> You may then have to restart xdm. |
| 22 |
>>> |
| 23 |
>>> However, if someone has the root password to log in to X, then what's to |
| 24 |
>>> stop them changing anything you do now? |
| 25 |
>> |
| 26 |
>> Know how? |
| 27 |
>> -- |
| 28 |
>> Regards, |
| 29 |
>> Mick |
| 30 |
> |
| 31 |
> Approach security a little more sanely and don't give untrusted users |
| 32 |
> root access? If you have to take steps to restrict the root account, |
| 33 |
> you need to rethink who has use of it. Preventing damage in the event |
| 34 |
> that the system *does* get compromised is one thing, but trying to |
| 35 |
> control someone who is *given* access to root on the software side is |
| 36 |
> the wrong approach, in my incredibly non-humble opinion. |
| 37 |
> |
| 38 |
> -- |
| 39 |
> Poison [BLX] |
| 40 |
> Joshua M. Murphy |
| 41 |
|
| 42 |
And, a quick note on the case that the intent is to prevent the level |
| 43 |
of damage in the event of a compromised root account, give this a |
| 44 |
quick read over and google any terms you're not certain of the meaning |
| 45 |
of: |
| 46 |
|
| 47 |
Linux.com :: Securing Linux with Mandatory Access Controls |
| 48 |
http://www.linux.com/archive/feature/113941 |
| 49 |
|
| 50 |
-- |
| 51 |
Poison [BLX] |
| 52 |
Joshua M. Murphy |
Archives