> Subject: Re: Need help in securing maildir so that > root usershouldnot able to read anyother user's mail > > > > When you have to do system maintenance, you will have to > > boot from CD, fix the root account, reboot and do the > > maintenance. The sysadmin will do the maintenance from > > a checklist while a large Marine guard with and M16 follows > > along. When done, scramble the root password. > > Boot from CD?!?! Linux single is all you need. > > A large Marine guard? Man, this must be a joke post right? > Where is the > smiley? Bring along a clueless Marine armed with a M16? True, there was humor mixed in with the suggestion. The Marine part comes from tales some friends of mine told who worked with nuclear weapons while they were in the service. Whenever maintenance was being applied, two soldiers with M16's were watching them and had copies of the checklist. The idea was to avoid any funny business. Assuming you do now wish to used a secure "rootless" system, disabling root except when doing system maintenance and having someone observing the system admin is a way to get the job done. You cannot just go to single user mode because going to single user normally requires you to enter the root password. With the root account disabled or having a scrambled password, you will not be able to do this. Thus the suggestion of using the boot CD. Of course if access to the machine is not secure, you have to talk about encrypting the contents with passwords only the users have. Bob Styma _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos