From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_NEUTRAL autolearn=no version=3.2.5 Date: Tue, 02 Mar 2010 06:06:36 -0600 From: Virtual Sky In-reply-to: <1267516014.24688.14.camel@latitude.arlan> To: "ALT Linux users (in English only)" Message-id: <4B8CFF4C.3080108@gmail.com> MIME-version: 1.0 Content-type: text/plain; charset=UTF-8; format=flowed Content-transfer-encoding: 8BIT References: <4B8C7278.2060404@gmail.com> <20100302073437.GR18182@osdn.org.ua> <1267516014.24688.14.camel@latitude.arlan> User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.8.1.23) Gecko/20090910 SeaMonkey/1.1.18 X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.8161:2.4.5, 1.2.40, 4.0.166 definitions=2010-03-02_06:2010-02-06, 2010-03-02, 2010-03-01 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=default score=0 spamscore=0 ipscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=5.0.0-0908210000 definitions=main-1003020055 Subject: Re: [Comm-en] ALT Server 4.0 - Preventing Root Log-ins X-BeenThere: community-en@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: virtualsky.sk@gmail.com, "ALT Linux users \(in English only\)" List-Id: "ALT Linux users \(in English only\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 12:08:30 -0000 Archived-At: List-Archive: > В Втр, 02/03/2010 в 09:34 +0200, Michael Shigorin пишет: > >> On Mon, Mar 01, 2010 at 08:05:44PM -0600, Virtual Sky wrote: >> >>> How difficult would it be to configure my ALT Server 4.0 box to >>> disallow 'root' user log-ins and only allow a regular user >>> log-in and then 'su' to the root account? >>> >> I'd do something like this to invalidate root password: >> >> cp -a /etc/tcb/root/shadow /etc/tcb/root/shadow- >> echo 'root:x:14029::::::' > /etc/tcb/root/shadow >> >> >>> If easy enough to configure, how does this affect the web >>> browser configurator interface? Can you specify a regular user >>> as the "administrator" to log in via the web interface? >>> >> AFAIR no. >> > AFAIK, this is technically possible to login into the web interface with > any valid user, but insufficient permissions handling is inconsistent. > Nothing destructive should happen though, so I'd try, if I were you. > > > ------------------------------------------------------------------------ > > _______________________________________________ > community-en mailing list > community-en@lists.altlinux.org > https://lists.altlinux.org/mailman/listinfo/community-en Thanks, everybody! I figured that dis-allowing root log-in would be easy to do, but was concerned about the web configurator interface. If I feel brave enough, perhaps I'll give your suggestions a try. ;o) David.