Suren Karapetyan wrote:
Steve Grubb wrote:
IOW, if we open the permissions, we need to make these become setuid root so
that we send audit events saying they failed.
No, you don't, 'cause you said yourself filesystem-level auditing is still
done.
So if someone tries to use usermod to modify /etc/passwd and hasn't the
permissions it takes, it will be logged.
usermod is just another tool to modify /etc/passwd, ...
With exactly the same reasoning you could chmod 750 /bin/vi.
And, of course, /bin/bash which is equally capable of modifying files.
--
Les Mikesell
lesmikesell@xxxxxxxxx