>
> (must I)/can I reduce as much as possible the privileges/access rights
> of the my_aux_login account? so that if somebody breaks _its_
> password, it won't be able to do anything, including browsing around
> to see what's installed?
Ah. I think I have a clearer idea on what your wanting to do now. You
may want to look at SELinux (Comes with CentOS 4 but may either be
enabled,set to warn or disabled depending on how it was installed).
I have yet had time to understand the SELinux mechanism but I recall a
discussion where the person used SELinux to reconfigure what the root
account could do, left the console logged in and asked people to break
into the system using the root account. If SELinux can be used to change
how root behaves it should be able to do the same with non-root
accounts.
Anyhow here are some links I found that may help.
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guid
e/rhlcommon-section-0047.html
http://danwalsh.livejournal.com/1538.html
http://www.nsa.gov/selinux/
-Greg
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
